Category Archives: Service Provider

Locator/ID Separation Protocol – LISP Part 1

Locator/ID Separation Protocol – LISP

The Locator/ID Separation Protocol (LISP) is a network architecture that implements the use of two namespaces instead of a single IP address. These namespaces, known as endpoint identifiers (EIDs), are assigned to end-hosts and routing locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. LISP is documented in RFC6830.

Separating Location and Identity provide a clear separation at the Network Layer between what we are looking for vs. how best to get there.

Network Layer Identifier – WHO you are in the network
Network Layer Locator – WHERE you are in the network
WHERE you are can change!
WHO you are should be the same!

LISP changes the routing architecture to implement a level of indirection between a hosts IDENTITY and its LOCATION in the network.

Control Plane – Map end point identities to their current location.
Data Plane – Encapsulates EID-addressed packets inside RLOC-addressed headers.

Traditional routing protocols uses a “PUSH” model to build a topology from the information gathered from the routing protocol, compute and install best route entries, and then advertise this information to neighbors. This information is pushed to all the neighbors in the routing domain without each neighbor actually requesting the routing information.

LISP uses a “PULL” model. If a router need to make a forwarding decision, it will ask the mapping database for the RLOCs associated with the destination EID prefix. The database responds with the EIDs to RLOCs mapping and the router caches it and send the packet towards RLOC to reach the EID prefix. It resembles the architecture employed by DNS. Once the information is cached and programmed into the forwarding table, the router will perform normal packet forwarding for subsequent packets being forwarded to that same destination. In order words, the router requests the forwarding information it needs, instead of being given all of the routing information implicitly.

LISP is an encapsulation/tunneling technology used to build overlays, it can use any underlying transport, as long as there is IPv4/IPv6 reachability in the underlay. This is accomplished in our network as the SP core is running BGP with each site. Note that this “underlay” is what is referred to as the RLOC space – the global BGP table. Like GRE or other tunneling techniques, we can tunnel one address-family over another. LISP uses a simple header, consisting of the outer IPv4/IPv6 header (RLOC source/destination), and a UDP + LISP header. For user data-traffic being encapsulated, LISP uses a destination UDP port of 4341. For the control-plane messaging between LISP nodes, UDP port 4342 is used. From an MTU perspective, LISP adds 36 Bytes of overhead for IPv4 (20 for IPv4 header, 8 for UDP, 8 for LISP), and 56 Bytes for IPv6.

Use Cases

LISP Deployment Models
Private Model
  • Private LISP deployment supports single enterprise
  • LISP Enterprise deploys:
    • xTRs
    • Mapping Systems
    • Proxy System, if required
Public Model
  • Public LISP deployment supports the need of multiple enterprises
  • LISP service provider deploys ‘shared’ Mapping System and Proxy System
  • LISP Enterprises subscribe to LISP SP, and deploy their own xTRs
Main Attributes of LISP

Ingress Tunnel Router (iTR) – An iTR is a router that resides in a LISP site.  Packets sent by sources inside of the LISP site to destinations outside of the site are candidates for encapsulation by the iTR. An iTR is also in charge of querying the mapping database when trying to make a forwarding decision. The query is sent to the Map Resolver using a Map-Request message.

Egress Tunnel Router (eTR) – An eTR is a router that accepts an IP packet where the destination address in the “outer” IP header is one of its own RLOCs.  The router strips the “outer” header and forwards the packet based on the next IP header found. This device is in charge of receiving LISP encapsulated packets from the underlay network, decapsulating them, and forwarding them towards the final destination inside the site.

xTR – Usually iTR and eTR functions are collocated on the same router, that router is called xTR.

Endpoint ID (EID) – An EID is a 32-bit (for IPv4) or 128-bit (for IPv6) value, typically an IP address allocated to End hosts at a site. EIDs MUST NOT be used as LISP RLOCs.

EID Prefix – EID prefixes are block of EIDs allocated to a site.

Routing Locator (RLOC) – An RLOC is an IPv4 or IPv6 address of an Egress Tunnel Router (eTR).  An RLOC is the output of an EID-to-RLOC mapping lookup.  An EID maps to one or more RLOCs. This address is routed in the global routing and must be reachable from other LISP site’s eTRs.

Proxy-iTR (PiTR) – A PiTR acts like an iTR but does so on behalf of non-LISP sites that send packets to destinations at LISP sites. A PiTR is defined in RFC6832.

Proxy-eTR (PeTR) – A PeTR acts like an eTR but does so on behalf of LISP sites that send packets to destinations at non-LISP sites. A PeTR is defined in RFC6832.

Proxy-xTR – A router performing both functions PiTR and PeTR is called a PxTR.

Map Server (MS) – Map Server holds all of the EID to RLOC mappings for all of the sites it is responsible for. The Map Server takes registrations from eTR routers via Map-Register messages.

Map Resolver (MR)This device is queried by the iTRs using Map-Request messages. The queries consist of iTRs asking for the mapping between EID and RLOC.

LISP Router – A LISP router is a router that performs the functions of any or all of the following: iTR, eTR, Proxy-iTR (PiTR), or Proxy-eTR (PeTR).

We will use following network topology for LISP configuration.

 

Network Topology
  • R3, R4, R5, R6 are provider edge routers in SP network.
  • R7 is BGP Route-Reflector in SP network and R3, R4, R5,R6 are RR clients.
  • R7 is working as LISP MAP Resolver (MR) and MAP Server (MS).
  • R1 is working as xTR, performing both iTR and eTR functions, in LISP Site-A.
  • R1 is running dual stack, both IPv4 and IPv6, connected to LAN router R8.
  • R1 is registered with LISP MAP Server, EIDs (IPv4 – 8.8.0.0/16, IPv6 – 2001:8:8::/48) and RLOC addresses 13.13.13.1 (Weight 100) and 14.14.14.1 (Weight 50).
  • With above weight parameters, R1 is telling remote sites to send traffic for Site-A EIDs in ratio of 100:50 to RLOC addresses 13.13.13.1 and 14.14.14.1 respectively.
  • R2 is working as xTR, performing both iTR and eTR functions, in LISP Site-B.
  • R2 is running dual stack, both IPv4 and IPv6, connected to LAN router R9.
  • R2 is registered with LISP MAP Server, EIDs (IPv4 – 9.9.0.0/16, IPv6 – 2001:9:9::/48) and RLOC addresses 25.25.25.2 (Weight 100) and 26.26.26.2 (Weight 50).
  • With above weight parameters, R2 is telling remote sites to send traffic for Site-B EIDs in ratio of 100:50 to RLOC addresses 25.25.25.2 and 26.26.26.2 respectively.
Configuration
LISP Site-A Configuration
R1 - xTR (Ingress/Egress Tunnel Router)

hostname R1
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface LISP0
!
interface FastEthernet0/0
 ip address 8.8.18.1 255.255.255.0
 ipv6 address 2001:8:8:18::1/64
!
interface FastEthernet1/0
 ip address 13.13.13.1 255.255.255.0
!
interface FastEthernet1/1
 bandwidth 50000
 ip address 14.14.14.1 255.255.255.0
!
router lisp
 !! -- Define RLOCs -- !!
 !! -- Priorities can be configured between 0-255, with a lower -- !!
 !! -- value being more preferred. If both priorities are equal -- !! 
 !! -- then both RLOCs are used. If the priorities are not equal -- !!
 !! -- then only the RLOC with the lowest priority is used in -- !!
 !! -- Active/Standby mode. -- !!
 !! -- If priorities are equal, weights can be configured to -- !!
 !! -- signal the desired ingress load sharing. -- !!
 !! -- Weights can be configured between 0-100 -- !!
 locator-set SITEA_RLOC_SET
  13.13.13.1 priority 1 weight 100
  14.14.14.1 priority 1 weight 50
  exit
 !
 !! -- Configure an EID-to-RLOC mapping relationship and its -- !!
 !! -- associated traffic policy for this LISP site. -- !!
 database-mapping 8.8.0.0/16 locator-set SITEA_RLOC_SET
 database-mapping 2001:8:8::/48 locator-set SITEA_RLOC_SET
 !! -- Enable iTR functionality for IPv4 -- !!
 ipv4 itr
 !! -- Configure the locator address of the LISP map resolver to -- !!
 !! -- which this router will send Map-Request messages for IPv4 -- !!
 !! -- EID-to-RLOC mapping resolutions -- !!
 ipv4 itr map-resolver 1.1.1.7
 !! -- Enable eTR functionality for IPv4 -- !!
 ipv4 etr
 !! -- Configure the locator address of the LISP map server and -- !!
 !! -- the authentication key that this router, acting as an IPv4 --!!
 !! -- LISP ETR, will use to register with the LISP mapping system--!! 
 ipv4 etr map-server 1.1.1.7 key LISPKEYPASS
 !
 !! -- Enable iTR functionality for IPv6 -- !!
 ipv6 itr
 !! -- Configure the locator address of the LISP map resolver to --!!
 !! -- which this router will send Map-Request messages for IPv6 -- !!
 !! -- EID-to-RLOC mapping resolutions -- !!
 ipv6 itr map-resolver 1.1.1.7
 !! -- Enable eTR functionality for IPv6 -- !!
 ipv6 etr
 !! -- Configure the locator address of the LISP map server and -- !!
 !! -- the authentication key that this router, acting as an IPv6 --!!
 !! -- LISP ETR, will use to register with the LISP mapping system--!! 
 ipv6 etr map-server 1.1.1.7 key LISPKEYPASS
 exit
!
router bgp 101
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 13.13.13.3 remote-as 100
 neighbor 14.14.14.4 remote-as 100
!
ip route 8.8.0.0 255.255.0.0 8.8.18.8
!
ipv6 route 2001:8:8::/48 2001:8:8:18::8


R8 - LAN Router

hostname R8
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback1
 ip address 8.8.1.1 255.255.255.0
 ipv6 address 2001:8:8:1::1/64
!
interface Loopback2
 ip address 8.8.2.1 255.255.255.0
 ipv6 address 2001:8:8:2::1/64
!
interface FastEthernet0/0
 ip address 8.8.18.8 255.255.255.0
 duplex full
 speed 100
 ipv6 address 2001:8:8:18::8/64
!
ip route 0.0.0.0 0.0.0.0 8.8.18.1
!
ipv6 route ::/0 2001:8:8:18::1
LISP Site-B Configuration
R2 - xTR (Ingress/Egress Tunnel Router)

hostname R2
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface LISP0
!
interface FastEthernet0/0
 ip address 9.9.29.2 255.255.255.0
 duplex full
 speed 100
 ipv6 address 2001:9:9:29::2/64
!
interface FastEthernet1/0
 ip address 25.25.25.2 255.255.255.0
!
interface FastEthernet1/1
 bandwidth 50000
 ip address 26.26.26.2 255.255.255.0
!
router lisp
 locator-set SITEB_RLOC_SET
  25.25.25.2 priority 1 weight 100
  26.26.26.2 priority 1 weight 50
  exit
 !
 database-mapping 9.9.0.0/16 locator-set SITEB_RLOC_SET
 database-mapping 2001:9:9::/48 locator-set SITEB_RLOC_SET
 ipv4 itr
 ipv4 itr map-resolver 1.1.1.7
 ipv4 etr
 ipv4 etr map-server 1.1.1.7 key LISPKEYPASS
 !
 ipv6 itr 
 ipv6 itr map-resolver 1.1.1.7
 ipv6 etr
 ipv6 etr map-server 1.1.1.7 key LISPKEYPASS
 exit
!
router bgp 102
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 25.25.25.5 remote-as 100
 neighbor 26.26.26.6 remote-as 100
!
ip route 9.9.0.0 255.255.0.0 9.9.29.9
!
ipv6 route 2001:9:9::/48 2001:9:9:29::9
!

R9 - LAN Router

hostname R9
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback1
 ip address 9.9.1.1 255.255.255.0
 ipv6 address 2001:9:9:1::1/64
!
interface Loopback2
 ip address 9.9.2.1 255.255.255.0
 ipv6 address 2001:9:9:2::1/64
!
interface FastEthernet0/0
 ip address 9.9.29.9 255.255.255.0
 duplex full
 speed 100
 ipv6 address 2001:9:9:29::9/64
!
ip route 0.0.0.0 0.0.0.0 9.9.29.2
!
ipv6 route ::/0 2001:9:9:29::2
!
Service Provider Network Configuration
R3 - Provider Edge Router

hostname R3
!
ip cef
!
interface Loopback0
 ip address 1.1.1.3 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 1.1.35.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet0/1
 ip address 1.1.34.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet1/0
 ip address 13.13.13.3 255.255.255.0
!
interface FastEthernet1/1
 ip address 1.1.37.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
router ospf 1
 router-id 1.1.1.3
!
router bgp 100
 bgp router-id 1.1.1.3
 bgp log-neighbor-changes
 network 13.13.13.0 mask 255.255.255.0
 neighbor 1.1.1.7 remote-as 100
 neighbor 1.1.1.7 update-source Loopback0
 neighbor 13.13.13.1 remote-as 101
!

R4 - Provider Edge Router

hostname R4
!
ip cef
!
interface Loopback0
 ip address 1.1.1.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 1.1.46.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet0/1
 ip address 1.1.34.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet1/1
 bandwidth 50000
 ip address 14.14.14.4 255.255.255.0
!
router ospf 1
 router-id 1.1.1.4
!
router bgp 100
 bgp router-id 1.1.1.4
 bgp log-neighbor-changes
 network 14.14.14.0 mask 255.255.255.0
 neighbor 1.1.1.7 remote-as 100
 neighbor 1.1.1.7 update-source Loopback0
 neighbor 14.14.14.1 remote-as 101
!

R5 - Provider Edge Router

hostname R5
!
ip cef
!
interface Loopback0
 ip address 1.1.1.5 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 1.1.35.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet0/1
 ip address 1.1.56.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet1/0
 ip address 25.25.25.5 255.255.255.0
!
interface FastEthernet1/1
 ip address 1.1.57.5 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
router ospf 1
 router-id 1.1.1.5
!
router bgp 100
 bgp router-id 1.1.1.5
 bgp log-neighbor-changes
 network 25.25.25.0 mask 255.255.255.0
 neighbor 1.1.1.7 remote-as 100
 neighbor 1.1.1.7 update-source Loopback0
 neighbor 25.25.25.2 remote-as 102
!

R6 - Provider Edge Router

hostname R6
!
ip cef
!
interface Loopback0
 ip address 1.1.1.6 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 1.1.46.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet0/1
 ip address 1.1.56.6 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet1/1
 ip address 26.26.26.6 255.255.255.0
 bandwidth 50000
!
router ospf 1
 router-id 1.1.1.6
!
router bgp 100
 bgp router-id 1.1.1.6
 bgp log-neighbor-changes
 network 26.26.26.0 mask 255.255.255.0
 neighbor 1.1.1.7 remote-as 100
 neighbor 1.1.1.7 update-source Loopback0
 neighbor 26.26.26.2 remote-as 102
!

R7 - LISP MAP Server/Resolver Router

hostname R7
!
ip cef
!
!
interface Loopback0
 ip address 1.1.1.7 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 1.1.37.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet0/1
 ip address 1.1.57.7 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
router lisp
 !! -- MAP Resolver Configuration -- !!
 !! -- Enable MAP Resolver functionality for IPv4/IPv6 -- !! 
 ipv4 map-resolver
 ipv6 map-resolver
 !! -- MAP Server Configuration -- !!  
 !! -- Enable MAP Server functionality for IPv4/IPv6 -- !! 
 ipv4 map-server
 ipv6 map-server 
 !! -- Configure authentication key for eTR routers -- !!
 !! -- and what EID prefixes can be accepted for EID-to-RLOC -- !!
 !! -- mapping database from them -- !!
 site SITE_A
  authentication-key LISPKEYPASS
  eid-prefix 8.8.0.0/16 accept-more-specifics
  eid-prefix 2001:8:8::/48 accept-more-specifics
  exit
 !
 site SITE_B
  authentication-key LISPKEYPASS
  eid-prefix 9.9.0.0/16 accept-more-specifics
  eid-prefix 2001:9:9::/48 accept-more-specifics
  exit
 !
!
router ospf 1
 router-id 1.1.1.7
!
router bgp 100
 bgp router-id 1.1.1.7
 bgp log-neighbor-changes
 network 1.1.1.7 mask 255.255.255.255
 neighbor RRCLIENTS peer-group
 neighbor RRCLIENTS remote-as 100
 neighbor RRCLIENTS update-source Loopback0
 neighbor RRCLIENTS route-reflector-client
 neighbor 1.1.1.3 peer-group RRCLIENTS
 neighbor 1.1.1.4 peer-group RRCLIENTS
 neighbor 1.1.1.5 peer-group RRCLIENTS
 neighbor 1.1.1.6 peer-group RRCLIENTS
!
Verification and Testing
Routing (IPv4/IPv6) on all routers

Note: EID Prefixes should not be advertised in the global routing.

R1#show ip route | beg Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
B        1.1.1.7 [20/0] via 13.13.13.3, 00:36:24
      8.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S        8.8.0.0/16 [1/0] via 8.8.18.8
C        8.8.18.0/24 is directly connected, FastEthernet0/0
L        8.8.18.1/32 is directly connected, FastEthernet0/0
      13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        13.13.13.0/24 is directly connected, FastEthernet1/0
L        13.13.13.1/32 is directly connected, FastEthernet1/0
      14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        14.14.14.0/24 is directly connected, FastEthernet1/1
L        14.14.14.1/32 is directly connected, FastEthernet1/1
      25.0.0.0/24 is subnetted, 1 subnets
B        25.25.25.0 [20/0] via 13.13.13.3, 00:36:24
      26.0.0.0/24 is subnetted, 1 subnets
B        26.26.26.0 [20/0] via 13.13.13.3, 00:36:24

R1#show ipv6 route
IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
S   2001:8:8::/48 [1/0]
     via 2001:8:8:18::8
C   2001:8:8:18::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2001:8:8:18::1/128 [0/0]
     via FastEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive


R2#show ip route | beg Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
B        1.1.1.7 [20/0] via 26.26.26.6, 00:36:24
      9.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S        9.9.0.0/16 [1/0] via 9.9.29.9
C        9.9.29.0/24 is directly connected, FastEthernet0/0
L        9.9.29.2/32 is directly connected, FastEthernet0/0
      13.0.0.0/24 is subnetted, 1 subnets
B        13.13.13.0 [20/0] via 26.26.26.6, 00:36:24
      14.0.0.0/24 is subnetted, 1 subnets
B        14.14.14.0 [20/0] via 26.26.26.6, 00:36:24
      25.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        25.25.25.0/24 is directly connected, FastEthernet1/0
L        25.25.25.2/32 is directly connected, FastEthernet1/0
      26.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        26.26.26.0/24 is directly connected, FastEthernet1/1
L        26.26.26.2/32 is directly connected, FastEthernet1/1

R2#show ipv6 route
IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
S   2001:9:9::/48 [1/0]
     via 2001:9:9:29::9
C   2001:9:9:29::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2001:9:9:29::2/128 [0/0]
     via FastEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive

R3#show ip route | beg Gate
Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
C        1.1.1.3/32 is directly connected, Loopback0
O        1.1.1.4/32 [110/2] via 1.1.34.4, 00:39:03, FastEthernet0/1
O        1.1.1.5/32 [110/2] via 1.1.35.5, 00:39:03, FastEthernet0/0
O        1.1.1.6/32 [110/3] via 1.1.35.5, 00:39:03, FastEthernet0/0
                    [110/3] via 1.1.34.4, 00:39:03, FastEthernet0/1
O        1.1.1.7/32 [110/2] via 1.1.37.7, 00:39:13, FastEthernet1/1
C        1.1.34.0/24 is directly connected, FastEthernet0/1
L        1.1.34.3/32 is directly connected, FastEthernet0/1
C        1.1.35.0/24 is directly connected, FastEthernet0/0
L        1.1.35.3/32 is directly connected, FastEthernet0/0
C        1.1.37.0/24 is directly connected, FastEthernet1/1
L        1.1.37.3/32 is directly connected, FastEthernet1/1
O        1.1.46.0/24 [110/2] via 1.1.34.4, 00:39:03, FastEthernet0/1
O        1.1.56.0/24 [110/2] via 1.1.35.5, 00:39:03, FastEthernet0/0
O        1.1.57.0/24 [110/2] via 1.1.37.7, 00:39:13, FastEthernet1/1
                     [110/2] via 1.1.35.5, 00:39:03, FastEthernet0/0
      13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        13.13.13.0/24 is directly connected, FastEthernet1/0
L        13.13.13.3/32 is directly connected, FastEthernet1/0
      14.0.0.0/24 is subnetted, 1 subnets
B        14.14.14.0 [200/0] via 1.1.1.4, 00:38:03
      25.0.0.0/24 is subnetted, 1 subnets
B        25.25.25.0 [200/0] via 1.1.1.5, 00:38:03
      26.0.0.0/24 is subnetted, 1 subnets
B        26.26.26.0 [200/0] via 1.1.1.6, 00:38:03

R4#show ip route | beg Gate
Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
O        1.1.1.3/32 [110/2] via 1.1.34.3, 00:39:21, FastEthernet0/1
C        1.1.1.4/32 is directly connected, Loopback0
O        1.1.1.5/32 [110/3] via 1.1.46.6, 00:39:31, FastEthernet0/0
                    [110/3] via 1.1.34.3, 00:39:21, FastEthernet0/1
O        1.1.1.6/32 [110/2] via 1.1.46.6, 00:39:31, FastEthernet0/0
O        1.1.1.7/32 [110/3] via 1.1.34.3, 00:39:21, FastEthernet0/1
C        1.1.34.0/24 is directly connected, FastEthernet0/1
L        1.1.34.4/32 is directly connected, FastEthernet0/1
O        1.1.35.0/24 [110/2] via 1.1.34.3, 00:39:21, FastEthernet0/1
O        1.1.37.0/24 [110/2] via 1.1.34.3, 00:39:21, FastEthernet0/1
C        1.1.46.0/24 is directly connected, FastEthernet0/0
L        1.1.46.4/32 is directly connected, FastEthernet0/0
O        1.1.56.0/24 [110/2] via 1.1.46.6, 00:39:31, FastEthernet0/0
O        1.1.57.0/24 [110/3] via 1.1.46.6, 00:39:31, FastEthernet0/0
                     [110/3] via 1.1.34.3, 00:39:21, FastEthernet0/1
      13.0.0.0/24 is subnetted, 1 subnets
B        13.13.13.0 [200/0] via 1.1.1.3, 00:38:25
      14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        14.14.14.0/24 is directly connected, FastEthernet1/1
L        14.14.14.4/32 is directly connected, FastEthernet1/1
      25.0.0.0/24 is subnetted, 1 subnets
B        25.25.25.0 [200/0] via 1.1.1.5, 00:38:25
      26.0.0.0/24 is subnetted, 1 subnets
B        26.26.26.0 [200/0] via 1.1.1.6, 00:38:25

R5#show ip route | beg Gate
Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
O        1.1.1.3/32 [110/2] via 1.1.35.3, 00:39:35, FastEthernet0/0
O        1.1.1.4/32 [110/3] via 1.1.56.6, 00:39:35, FastEthernet0/1
                    [110/3] via 1.1.35.3, 00:39:35, FastEthernet0/0
C        1.1.1.5/32 is directly connected, Loopback0
O        1.1.1.6/32 [110/2] via 1.1.56.6, 00:39:35, FastEthernet0/1
O        1.1.1.7/32 [110/2] via 1.1.57.7, 00:39:45, FastEthernet1/1
O        1.1.34.0/24 [110/2] via 1.1.35.3, 00:39:35, FastEthernet0/0
C        1.1.35.0/24 is directly connected, FastEthernet0/0
L        1.1.35.5/32 is directly connected, FastEthernet0/0
O        1.1.37.0/24 [110/2] via 1.1.57.7, 00:39:45, FastEthernet1/1
                     [110/2] via 1.1.35.3, 00:39:35, FastEthernet0/0
O        1.1.46.0/24 [110/2] via 1.1.56.6, 00:39:35, FastEthernet0/1
C        1.1.56.0/24 is directly connected, FastEthernet0/1
L        1.1.56.5/32 is directly connected, FastEthernet0/1
C        1.1.57.0/24 is directly connected, FastEthernet1/1
L        1.1.57.5/32 is directly connected, FastEthernet1/1
      13.0.0.0/24 is subnetted, 1 subnets
B        13.13.13.0 [200/0] via 1.1.1.3, 00:38:36
      14.0.0.0/24 is subnetted, 1 subnets
B        14.14.14.0 [200/0] via 1.1.1.4, 00:38:36
      25.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        25.25.25.0/24 is directly connected, FastEthernet1/0
L        25.25.25.5/32 is directly connected, FastEthernet1/0
      26.0.0.0/24 is subnetted, 1 subnets
B        26.26.26.0 [200/0] via 1.1.1.6, 00:38:36

R6#show ip route | beg Gate
Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
O        1.1.1.3/32 [110/3] via 1.1.56.5, 00:39:52, FastEthernet0/1
                    [110/3] via 1.1.46.4, 00:39:52, FastEthernet0/0
O        1.1.1.4/32 [110/2] via 1.1.46.4, 00:39:52, FastEthernet0/0
O        1.1.1.5/32 [110/2] via 1.1.56.5, 00:39:52, FastEthernet0/1
C        1.1.1.6/32 is directly connected, Loopback0
O        1.1.1.7/32 [110/3] via 1.1.56.5, 00:39:52, FastEthernet0/1
O        1.1.34.0/24 [110/2] via 1.1.46.4, 00:39:52, FastEthernet0/0
O        1.1.35.0/24 [110/2] via 1.1.56.5, 00:39:52, FastEthernet0/1
O        1.1.37.0/24 [110/3] via 1.1.56.5, 00:39:52, FastEthernet0/1
                     [110/3] via 1.1.46.4, 00:39:52, FastEthernet0/0
C        1.1.46.0/24 is directly connected, FastEthernet0/0
L        1.1.46.6/32 is directly connected, FastEthernet0/0
C        1.1.56.0/24 is directly connected, FastEthernet0/1
L        1.1.56.6/32 is directly connected, FastEthernet0/1
O        1.1.57.0/24 [110/2] via 1.1.56.5, 00:39:52, FastEthernet0/1
      13.0.0.0/24 is subnetted, 1 subnets
B        13.13.13.0 [200/0] via 1.1.1.3, 00:38:46
      14.0.0.0/24 is subnetted, 1 subnets
B        14.14.14.0 [200/0] via 1.1.1.4, 00:38:46
      25.0.0.0/24 is subnetted, 1 subnets
B        25.25.25.0 [200/0] via 1.1.1.5, 00:38:46
      26.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        26.26.26.0/24 is directly connected, FastEthernet1/1
L        26.26.26.6/32 is directly connected, FastEthernet1/1

R7#show ip route | beg Gate
Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
O        1.1.1.3/32 [110/2] via 1.1.37.3, 00:40:05, FastEthernet0/0
O        1.1.1.4/32 [110/3] via 1.1.37.3, 00:39:55, FastEthernet0/0
O        1.1.1.5/32 [110/2] via 1.1.57.5, 00:40:05, FastEthernet0/1
O        1.1.1.6/32 [110/3] via 1.1.57.5, 00:39:55, FastEthernet0/1
C        1.1.1.7/32 is directly connected, Loopback0
O        1.1.34.0/24 [110/2] via 1.1.37.3, 00:40:05, FastEthernet0/0
O        1.1.35.0/24 [110/2] via 1.1.57.5, 00:40:05, FastEthernet0/1
                     [110/2] via 1.1.37.3, 00:40:05, FastEthernet0/0
C        1.1.37.0/24 is directly connected, FastEthernet0/0
L        1.1.37.7/32 is directly connected, FastEthernet0/0
O        1.1.46.0/24 [110/3] via 1.1.57.5, 00:39:55, FastEthernet0/1
                     [110/3] via 1.1.37.3, 00:39:55, FastEthernet0/0
O        1.1.56.0/24 [110/2] via 1.1.57.5, 00:40:05, FastEthernet0/1
C        1.1.57.0/24 is directly connected, FastEthernet0/1
L        1.1.57.7/32 is directly connected, FastEthernet0/1
      13.0.0.0/24 is subnetted, 1 subnets
B        13.13.13.0 [200/0] via 1.1.1.3, 00:38:59
      14.0.0.0/24 is subnetted, 1 subnets
B        14.14.14.0 [200/0] via 1.1.1.4, 00:38:59
      25.0.0.0/24 is subnetted, 1 subnets
B        25.25.25.0 [200/0] via 1.1.1.5, 00:38:59
      26.0.0.0/24 is subnetted, 1 subnets
B        26.26.26.0 [200/0] via 1.1.1.6, 00:38:59


R8#show ip route | beg Gate
Gateway of last resort is 8.8.18.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 8.8.18.1
      8.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C        8.8.1.0/24 is directly connected, Loopback1
L        8.8.1.1/32 is directly connected, Loopback1
C        8.8.2.0/24 is directly connected, Loopback2
L        8.8.2.1/32 is directly connected, Loopback2
C        8.8.18.0/24 is directly connected, FastEthernet0/0
L        8.8.18.8/32 is directly connected, FastEthernet0/0

R8#show ipv6 route         
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
S   ::/0 [1/0]
     via 2001:8:8:18::1
C   2001:8:8:1::/64 [0/0]
     via Loopback1, directly connected
L   2001:8:8:1::1/128 [0/0]
     via Loopback1, receive
C   2001:8:8:2::/64 [0/0]
     via Loopback2, directly connected
L   2001:8:8:2::1/128 [0/0]
     via Loopback2, receive
C   2001:8:8:18::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2001:8:8:18::8/128 [0/0]
     via FastEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive

R9#show ip route | beg Gate
Gateway of last resort is 9.9.29.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 9.9.29.2
      9.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C        9.9.1.0/24 is directly connected, Loopback1
L        9.9.1.1/32 is directly connected, Loopback1
C        9.9.2.0/24 is directly connected, Loopback2
L        9.9.2.1/32 is directly connected, Loopback2
C        9.9.29.0/24 is directly connected, FastEthernet0/0
L        9.9.29.9/32 is directly connected, FastEthernet0/0

R9#show ipv6 route         
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
S   ::/0 [1/0]
     via 2001:9:9:29::2
C   2001:9:9:1::/64 [0/0]
     via Loopback1, directly connected
L   2001:9:9:1::1/128 [0/0]
     via Loopback1, receive
C   2001:9:9:2::/64 [0/0]
     via Loopback2, directly connected
L   2001:9:9:2::1/128 [0/0]
     via Loopback2, receive
C   2001:9:9:29::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2001:9:9:29::9/128 [0/0]
     via FastEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive
LISP Registration Process

R1 (eTR) will register it’s local EID ((IPv4 and IPv6) to RLOC mappings  with MAP Server (R7) via MAP-Register messages.

!! -- Initially MAP-Server database is empty -- !!

R7#sh lisp site
LISP Site Registration Information

Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID       
SITE_A         never     no   --                            8.8.0.0/16
               never     no   --                            2001:8:8::/48
SITE_B         never     no   --                            9.9.0.0/16
               never     no   --                            2001:9:9::/48

!! -- R1 (eTR) sends MAP-Register Messages to MAP-Server -- !!

R1#
*Apr 27 19:46:10.763: LISP: Route watch notification.
*Apr 27 19:46:10.803: LISP-0: AF IPv6, Map resolver 1.1.1.7 is reachable.
*Apr 27 19:46:10.807: LISP-0: AF IPv4, Map resolver 1.1.1.7 is reachable.

*Apr 27 19:46:35.363: LISP: Timer event (ETR map server).
*Apr 27 19:46:35.367: LISP-0: IPv6 Map Server 1.1.1.7, Schedule registration.
*Apr 27 19:46:35.375: LISP-0: AF IPv4, Route locator 1.1.1.7, src 14.14.14.1 nh 14.14.14.4 if FastEthernet1/1.
*Apr 27 19:46:35.379: LISP-0: AF IPv6, Added mapping record locator 13.13.13.1 (priority 1, weight 100, local, reachable).
*Apr 27 19:46:35.383: LISP-0: AF IPv6, Added mapping record locator 14.14.14.1 (priority 1, weight 50, local, reachable).
*Apr 27 19:46:35.383: LISP-0: AF IPv6, Built mapping record for 2001:8:8::/48 with 2 locators (action none).
*Apr 27 19:46:35.383: LISP-0: IPv6 Map Server 1.1.1.7, Built map-register, 1 records, first 2001:8:8::/48 last 2001:8:8::/48 DONE.
*Apr 27 19:46:35.383: LISP-0: IPv6 Map Server 1.1.1.7, Sending map-register (src_rloc 14.14.14.1).

*Apr 27 19:46:37.483: LISP: Timer event (ETR map server).
*Apr 27 19:46:37.483: LISP-0: IPv4 Map Server 1.1.1.7, Schedule registration.
*Apr 27 19:46:37.487: LISP-0: AF IPv4, Route locator 1.1.1.7, src 14.14.14.1 nh 14.14.14.4 if FastEthernet1/1.
*Apr 27 19:46:37.487: LISP-0: AF IPv4, Added mapping record locator 13.13.13.1 (priority 1, weight 100, local, reachable).
*Apr 27 19:46:37.491: LISP-0: AF IPv4, Added mapping record locator 14.14.14.1 (priority 1, weight 50, local, reachable).
*Apr 27 19:46:37.491: LISP-0: AF IPv4, Built mapping record for 8.8.0.0/16 with 2 locators (action none).
*Apr 27 19:46:37.491: LISP-0: IPv4 Map Server 1.1.1.7, Built map-register, 1 records, first 8.8.0.0/16 last 8.8.0.0/16 DONE.
*Apr 27 19:46:37.491: LISP-0: IPv4 Map Server 1.1.1.7, Sending map-register (src_rloc 14.14.14.1).


!! -- MAP-Server (R7) receives MAP-Register messages,  -- !!
!! -- process them and add EID-to-RLOC mappings in database -- !!

R7#
*Apr 27 19:46:35.479: LISP-0: Net receive, queuing packet for LISP process.
*Apr 27 19:46:35.487: LISP-0: Received packet datagramsize 130, encsize 14, size 116.
*Apr 27 19:46:35.495: LISP: Processing received Map-Register message from 14.14.14.1 to 1.1.1.7
*Apr 27 19:46:35.495: LISP: Processing Map-Register no proxy, no map-notify, no merge, no mobile-node, 1 record, nonce 0x18FC13A9-0x0E141375, key-id 1, auth-data-len 20
*Apr 27 19:46:35.495: LISP: Parsing mapping record for EID prefix IID 0 2001:8:8::/48
*Apr 27 19:46:35.495: LISP-0: Mapping Record has 2 locators (action none).
*Apr 27 19:46:35.495: LISP: Processing Map-Register mapping record for IID 0 2001:8:8::/48, ttl 1440, state complete, authoritative, 2 locators
        13.13.13.1 pri/wei=1/100 LpR
        14.14.14.1 pri/wei=1/50 LpR
*Apr 27 19:46:35.495: LISP-0: MS registration prefix 2001:8:8::/48 14.14.14.1 site SITE_A, Created.
*Apr 27 19:46:35.495: LISP-0: MS registration prefix 2001:8:8::/48 14.14.14.1 site SITE_A, Adding locator 13.13.13.1.
*Apr 27 19:46:35.495: LISP-0: MS RLOC prefix 2001:8:8::/48 13.13.13.1 site SITE_A, reachable change unknown->down.
*Apr 27 19:46:35.495: LISP-0: MS registration prefix 2001:8:8::/48 14.14.14.1 site SITE_A, Adding locator 14.14.14.1.
*Apr 27 19:46:35.495: LISP-0: MS RLOC prefix 2001:8:8::/48 14.14.14.1 site SITE_A, reachable change unknown->down.
*Apr 27 19:46:35.495: LISP-0: MS registration prefix 2001:8:8::/48 14.14.14.1 site SITE_A, no configuration for allowed locators.
*Apr 27 19:46:35.495: LISP-0: MS RLOC prefix 2001:8:8::/48 13.13.13.1 site SITE_A, reachable change down->up, reported by 14.14.14.1.
*Apr 27 19:46:35.499: LISP-0: MS RLOC prefix 2001:8:8::/48 14.14.14.1 site SITE_A, reachable change down->up, reported by 14.14.14.1.
*Apr 27 19:46:35.499: LISP-0: MS EID prefix 2001:8:8::/48 site SITE_A, Map-Notify, to registering ETRs due to changed registration.
*Apr 27 19:46:35.499: LISP-0: Map-Notify prefix 2001:8:8::/48 to 14.14.14.1, skipping - M-bit not set.
*Apr 27 19:46:35.499: LISP-0: Processed 1 control packets.
*Apr 27 19:46:35.499: LISP-0: MS EID prefix 2001:8:8::/48 site SITE_A, ALT route update/create.
*Apr 27 19:46:35.499: LISP-0: ALTroute prefix 2001:8:8::/48 <-> created.
*Apr 27 19:46:35.499: LISP-0: ALTroute prefix 2001:8:8::/48 <-> scheduled RIB update.
*Apr 27 19:46:35.499: LISP-0: ALTroute prefix 2001:8:8::/48 <-> add source MS-EID.
*Apr 27 19:46:35.499: LISP-0: AF IPv6, Updated 1 MS EID entries in ALT table.
*Apr 27 19:46:35.499: LISP-0: ALTroute prefix 2001:8:8::/48 <MS-EID> RIB route ignore create, no ALT RIB.
*Apr 27 19:46:35.499: LISP-0: AF IPv6, Updated 1 ALT routes in ALT RIB table.


*Apr 27 19:46:37.567: LISP-0: Net receive, queuing packet for LISP process.
*Apr 27 19:46:37.579: LISP-0: Received packet datagramsize 118, encsize 14, size 104.
*Apr 27 19:46:37.583: LISP: Processing received Map-Register message from 14.14.14.1 to 1.1.1.7
*Apr 27 19:46:37.591: LISP: Processing Map-Register no proxy, no map-notify, no merge, no mobile-node, 1 record, nonce 0x18FC13A9-0x0E141375, key-id 1, auth-data-len 20
*Apr 27 19:46:37.595: LISP: Parsing mapping record for EID prefix IID 0 8.8.0.0/16
*Apr 27 19:46:37.599: LISP-0: Mapping Record has 2 locators (action none).
*Apr 27 19:46:37.607: LISP: Processing Map-Register mapping record for IID 0 8.8.0.0/16, ttl 1440, state complete, authoritative, 2 locators
        13.13.13.1 pri/wei=1/100 LpR
        14.14.14.1 pri/wei=1/50 LpR
*Apr 27 19:46:37.607: LISP-0: MS registration prefix 8.8.0.0/16 14.14.14.1 site SITE_A, Created.
*Apr 27 19:46:37.607: LISP-0: MS registration prefix 8.8.0.0/16 14.14.14.1 site SITE_A, Adding locator 13.13.13.1.
*Apr 27 19:46:37.611: LISP-0: MS RLOC prefix 8.8.0.0/16 13.13.13.1 site SITE_A, reachable change unknown->down.
*Apr 27 19:46:37.611: LISP-0: MS registration prefix 8.8.0.0/16 14.14.14.1 site SITE_A, Adding locator 14.14.14.1.
*Apr 27 19:46:37.611: LISP-0: MS RLOC prefix 8.8.0.0/16 14.14.14.1 site SITE_A, reachable change unknown->down.
*Apr 27 19:46:37.611: LISP-0: MS registration prefix 8.8.0.0/16 14.14.14.1 site SITE_A, no configuration for allowed locators.
*Apr 27 19:46:37.611: LISP-0: MS RLOC prefix 8.8.0.0/16 13.13.13.1 site SITE_A, reachable change down->up, reported by 14.14.14.1.
*Apr 27 19:46:37.611: LISP-0: MS RLOC prefix 8.8.0.0/16 14.14.14.1 site SITE_A, reachable change down->up, reported by 14.14.14.1.
*Apr 27 19:46:37.611: LISP-0: MS EID prefix 8.8.0.0/16 site SITE_A, Map-Notify, to registering ETRs due to changed registration.
*Apr 27 19:46:37.611: LISP-0: Map-Notify prefix 8.8.0.0/16 to 14.14.14.1, skipping - M-bit not set.
*Apr 27 19:46:37.611: LISP-0: Processed 1 control packets.
*Apr 27 19:46:37.611: LISP-0: MS EID prefix 8.8.0.0/16 site SITE_A, ALT route update/create.
*Apr 27 19:46:37.611: LISP-0: ALTroute prefix 8.8.0.0/16 <-> created.
*Apr 27 19:46:37.611: LISP-0: ALTroute prefix 8.8.0.0/16 <-> scheduled RIB update.
*Apr 27 19:46:37.611: LISP-0: ALTroute prefix 8.8.0.0/16 <-> add source MS-EID.
*Apr 27 19:46:37.611: LISP-0: AF IPv4, Updated 1 MS EID entries in ALT table.
*Apr 27 19:46:37.611: LISP-0: ALTroute prefix 8.8.0.0/16 <MS-EID> RIB route ignore create, no ALT RIB.
*Apr 27 19:46:37.611: LISP-0: AF IPv4, Updated 1 ALT routes in ALT RIB table.

!! -- Now MAP-Server database is updated with EID-to-RLOC mappings--!!
!! -- received from R1 (eTR at LISP Site A) -- !!

R7#sh lisp site
LISP Site Registration Information

Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID       
SITE_A         00:00:07  yes  14.14.14.1                    8.8.0.0/16
               00:00:10  yes  14.14.14.1                    2001:8:8::/48
SITE_B         never     no   --                            9.9.0.0/16
               never     no   --                            2001:9:9::/48

!! -- Similarly, R2 (eTR at List Site B) will register -- !!
!! -- EID-to-RLOC mappings with MAP-Server -- !!

R7#sh lisp site
LISP Site Registration Information

Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID       
SITE_A         00:00:05  yes  14.14.14.1                    8.8.0.0/16
               00:00:57  yes  14.14.14.1                    2001:8:8::/48
SITE_B         00:00:08  yes  26.26.26.2                    9.9.0.0/16
               00:00:07  yes  26.26.26.2                    2001:9:9::/48
LISP Verification
R1#sh ip lisp
  Instance ID:                      0
  Router-lisp ID:                   0
  Locator table:                    default
  EID table:                        default
  Ingress Tunnel Router (ITR):      enabled
  Egress Tunnel Router (ETR):       enabled
  Proxy-ITR Router (PITR):          disabled
  Proxy-ETR Router (PETR):          disabled
  Map Server (MS):                  disabled
  Map Resolver (MR):                disabled
  Map-Request source:               8.8.18.1
  ITR Map-Resolver(s):              1.1.1.7
  ETR Map-Server(s):                1.1.1.7 (00:00:44)
  ITR Solicit Map Request (SMR):    accept and process
    Max SMRs per map-cache entry:   8 more specifics
    Multiple SMR suppression time:  60 secs
  ETR accept mapping data:          disabled, verify disabled
  ETR map-cache TTL:                1d00h
  Locator Status Algorithms:
    RLOC-probe algorithm:           disabled
  Static mappings configured:       0
  Map-cache size/limit:             1/1000
  Map-cache activity check period:  60 secs
  Map-database size/limit:          1/1000
  Persistent map-cache:             interval 01:00:00
    Earliest next store:            00:03:15
    Location:                       NONE


R1#sh ipv6 lisp
  Instance ID:                      0
  Router-lisp ID:                   0
  Locator table:                    default
  EID table:                        default
  Ingress Tunnel Router (ITR):      enabled
  Egress Tunnel Router (ETR):       enabled
  Proxy-ITR Router (PITR):          disabled
  Proxy-ETR Router (PETR):          disabled
  Map Server (MS):                  disabled
  Map Resolver (MR):                disabled
  Map-Request source:               2001:8:8:18::1
  ITR Map-Resolver(s):              1.1.1.7
  ETR Map-Server(s):                1.1.1.7 (00:00:26)
  ITR Solicit Map Request (SMR):    accept and process
    Max SMRs per map-cache entry:   8 more specifics
    Multiple SMR suppression time:  60 secs
  ETR accept mapping data:          disabled, verify disabled
  ETR map-cache TTL:                1d00h
  Locator Status Algorithms:
    RLOC-probe algorithm:           disabled
  Static mappings configured:       0
  Map-cache size/limit:             1/1000
  Map-cache activity check period:  60 secs
  Map-database size/limit:          1/1000
  Persistent map-cache:             interval 01:00:00
    Earliest next store:            now
    Location:                       NONE


R1#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 01:02:57, expires: never, via static send map-request
  Negative cache entry, action: send-map-request

R1#sh ipv6 lisp map-cache 
LISP IPv6 Mapping Cache for EID-table default (IID 0), 1 entries

::/0, uptime: 01:03:34, expires: never, via static send map-request
  Negative cache entry, action: send-map-request


R2#sh ip lisp
  Instance ID:                      0
  Router-lisp ID:                   0
  Locator table:                    default
  EID table:                        default
  Ingress Tunnel Router (ITR):      enabled
  Egress Tunnel Router (ETR):       enabled
  Proxy-ITR Router (PITR):          disabled
  Proxy-ETR Router (PETR):          disabled
  Map Server (MS):                  disabled
  Map Resolver (MR):                disabled
  Map-Request source:               9.9.29.2
  ITR Map-Resolver(s):              1.1.1.7
  ETR Map-Server(s):                1.1.1.7 (00:00:20)
  ITR Solicit Map Request (SMR):    accept and process
    Max SMRs per map-cache entry:   8 more specifics
    Multiple SMR suppression time:  60 secs
  ETR accept mapping data:          disabled, verify disabled
  ETR map-cache TTL:                1d00h
  Locator Status Algorithms:
    RLOC-probe algorithm:           disabled
  Static mappings configured:       0
  Map-cache size/limit:             1/1000
  Map-cache activity check period:  60 secs
  Map-database size/limit:          1/1000
  Persistent map-cache:             interval 01:00:00
    Earliest next store:            now
    Location:                       NONE

R2#sh ipv6 lisp
  Instance ID:                      0
  Router-lisp ID:                   0
  Locator table:                    default
  EID table:                        default
  Ingress Tunnel Router (ITR):      enabled
  Egress Tunnel Router (ETR):       enabled
  Proxy-ITR Router (PITR):          disabled
  Proxy-ETR Router (PETR):          disabled
  Map Server (MS):                  disabled
  Map Resolver (MR):                disabled
  Map-Request source:               2001:9:9:29::2
  ITR Map-Resolver(s):              1.1.1.7
  ETR Map-Server(s):                1.1.1.7 (00:00:24)
  ITR Solicit Map Request (SMR):    accept and process
    Max SMRs per map-cache entry:   8 more specifics
    Multiple SMR suppression time:  60 secs
  ETR accept mapping data:          disabled, verify disabled
  ETR map-cache TTL:                1d00h
  Locator Status Algorithms:
    RLOC-probe algorithm:           disabled
  Static mappings configured:       0
  Map-cache size/limit:             1/1000
  Map-cache activity check period:  60 secs
  Map-database size/limit:          1/1000
  Persistent map-cache:             interval 01:00:00
    Earliest next store:            now
    Location:                       NONE

R2#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 1 entries

0.0.0.0/0, uptime: 01:04:31, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
R2#sh ipv6 lisp map-cache 
LISP IPv6 Mapping Cache for EID-table default (IID 0), 1 entries

::/0, uptime: 01:04:35, expires: never, via static send map-request
  Negative cache entry, action: send-map-request


R7#sh lisp site 
LISP Site Registration Information

Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID       
SITE_A         00:00:54  yes  13.13.13.1                    8.8.0.0/16
               00:00:43  yes  13.13.13.1                    2001:8:8::/48
SITE_B         00:00:54  yes  26.26.26.2                    9.9.0.0/16
               00:00:56  yes  26.26.26.2                    2001:9:9::/48

R7#sh lisp site detail 
LISP Site Registration Information

Site name: SITE_A
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 8.8.0.0/16 
    First registered:     01:12:50
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 13.13.13.1, last registered 00:00:59, no proxy-reply, no map-notify
                    TTL 1d00h, no merge, nonce 0x59ADC101-0x157BC67F
                    state complete
      Locator     Local  State      Pri/Wgt
      13.13.13.1  yes    up           1/100
      14.14.14.1  yes    up           1/50 
  EID-prefix: 2001:8:8::/48 
    First registered:     01:12:44
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 13.13.13.1, last registered 00:00:48, no proxy-reply, no map-notify
                    TTL 1d00h, no merge, nonce 0x59ADC101-0x157BC67F
                    state complete
      Locator     Local  State      Pri/Wgt
      13.13.13.1  yes    up           1/100
      14.14.14.1  yes    up           1/50 
Site name: SITE_B
Allowed configured locators: any
Allowed EID-prefixes:
  EID-prefix: 9.9.0.0/16 
    First registered:     01:12:54
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 26.26.26.2, last registered 00:00:58, no proxy-reply, no map-notify
                    TTL 1d00h, no merge, nonce 0x78688303-0x434CBFEC
                    state complete
      Locator     Local  State      Pri/Wgt
      25.25.25.2  yes    up           1/100
      26.26.26.2  yes    up           1/50 
  EID-prefix: 2001:9:9::/48 
    First registered:     01:12:55
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    TTL:                  1d00h
    State:                complete
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    ETR 26.26.26.2, last registered 00:00:03, no proxy-reply, no map-notify
                    TTL 1d00h, no merge, nonce 0x78688303-0x434CBFEC
                    state complete
      Locator     Local  State      Pri/Wgt
      25.25.25.2  yes    up           1/100
      26.26.26.2  yes    up           1/50 

At this moment, iTR router at both sites do not have information to reach each other’s EID prefixes.

An iTR is a router that resides in a LISP site.  Packets sent by sources inside of the LISP site to destinations outside of the site are candidates for encapsulation by the iTR. An iTR is also in charge of querying the mapping database when trying to make a forwarding decision. The query is sent to the Map Resolver using a Map-Request message.

!! -- Send traffic from Site A LAN to Site B LAN -- !!

R8#ping 9.9.1.1 source 8.8.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.1.1, timeout is 2 seconds:
Packet sent with a source address of 8.8.1.1 
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 148/174/196 ms

!! -- This traffic arrives at iTR Router R1 -- !!
!! -- Currently R1 has no information how to reach EID 9.9.1.1 -- !!
!! -- R1 (iTR) will send a map-request to MAP-Resolver (R7) -- !!

R1#

*Apr 27 23:41:14.810: LISPdata-signal: sending signal for 8.8.1.1->9.9.1.1 on in IPv4:Default
*Apr 27 23:41:14.826: LISP: Processing data signal for EID prefix IID 0 9.9.1.1/32
*Apr 27 23:41:14.830: LISP-0: Remote EID prefix 9.9.1.1/32, Created (method: data-signal, state: unknown, rlocs: 0).
*Apr 27 23:41:14.834: LISP-0: Remote EID prefix 9.9.1.1/32, Change state to incomplete (method: data-signal, state: unknown, rlocs: 0).
*Apr 27 23:41:14.834: LISP-0: Remote EID prefix 9.9.1.1/32, Schedule forwarding table update (method: data-signal, state: incomplete, rlocs: 0).
*Apr 27 23:41:14.834: LISP-0: Remote EID prefix 9.9.1.1/32, Scheduling map requests (incomplete) (method: data-signal, state: incomplete, rlocs: 0).
*Apr 27 23:41:14.834: LISP-0: Map Request prefix 9.9.1.1/32 remote EID prefix[LL], Starting request timer with delay of 00:00:00.
*Apr 27 23:41:14.834: LISP-0: Remote EID prefix 9.9.1.1/32, Placing on idle queue (method: data-signal, state: incomplete, rlocs: 0).


*Apr 27 23:41:14.878: LISP-0: Map Request prefix 9.9.1.1/32 remote EID prefix[LL], Queueing remote EID prefix map request (1/4).
*Apr 27 23:41:14.878: LISP-0: Request processing of remote EID prefix map requests.
*Apr 27 23:41:14.878: LISP: Send map request type remote EID prefix
*Apr 27 23:41:14.878: LISP: Send map request for EID prefix IID 0 9.9.1.1/32
*Apr 27 23:41:14.878: LISP-0: Remote EID prefix 9.9.1.1/32, Send map request (1) (method: data-signal, state: incomplete, rlocs: 0).
*Apr 27 23:41:14.882: LISP-0: AF IPv4, Sending map-request from 8.8.18.1 to 9.9.1.1 for EID 9.9.1.1/32, ITR-RLOCs 2, nonce 0x93BCCB84-0x9309A6A2 (encap src 14.14.14.1, dst 1.1.1.7).


!! -- MAP-Resolver R7 will recieve this request, process it and --!!
!! -- look into the MAP-Server database and find that destination --!!
!! -- EID is behind RLOCs (25.25.25.2, 26.26.26.2) and forward it --!!
!! -- to RLOC 25.25.25.2 -- !!


R7#
*Apr 27 23:41:14.902: LISP: Processing received Encap-Control message from 14.14.14.1 to 1.1.1.7
*Apr 27 23:41:14.910: LISP: Processing received Map-Request message from 8.8.18.1 to 9.9.1.1
*Apr 27 23:41:14.914: LISP: Received map request, source_eid IID 0 8.8.1.1, ITR-RLOCs: 13.13.13.1 14.14.14.1, records 1, nonce 0x93BCCB84-0x9309A6A2
*Apr 27 23:41:14.922: LISP-0: MS EID prefix 9.9.0.0/16 site SITE_B, Forwarding map request to ETR 25.25.25.2.

!! -- R2 receives this Map-request and send direct reply to -- !!
!! -- RLOC 13.13.13.1 -- !!

R2#
*Apr 27 23:41:15.006: LISP: Processing received Encap-Control message from 1.1.57.7 to 25.25.25.2
*Apr 27 23:41:15.010: LISP: Processing received Map-Request message from 8.8.18.1 to 9.9.1.1
*Apr 27 23:41:15.018: LISP: Received map request, source_eid IID 0 8.8.1.1, ITR-RLOCs: 13.13.13.1 14.14.14.1, records 1, nonce 0x93BCCB84-0x9309A6A2
*Apr 27 23:41:15.022: LISP: Processing map request record for EID prefix IID 0 9.9.1.1/32
*Apr 27 23:41:15.026: LISP-0: Sending map-reply from 26.26.26.2 to 13.13.13.1.

!! -- Also R2 sends Map-request for EID 8.8.1.1 to MAP-Resolver -- !!

*Apr 27 23:41:16.918: LISPdata-signal: sending signal for 9.9.1.1->8.8.1.1 on in IPv4:Default
*Apr 27 23:41:16.930: LISP: Processing data signal for EID prefix IID 0 8.8.1.1/32
*Apr 27 23:41:16.934: LISP-0: Remote EID prefix 8.8.1.1/32, Change state to incomplete (method: data-signal, state: unknown, rlocs: 0).
*Apr 27 23:41:16.942: LISP-0: Remote EID prefix 8.8.1.1/32, Scheduling map requests (incomplete) (method: data-signal, state: incomplete, rlocs: 0).
*Apr 27 23:41:16.950: LISPreid: Default:0.0.0.0/0 Null modify of pco 0x691B4DE0 linked to glean for LISP0
*Apr 27 23:41:16.966: LISPreid: Default:8.8.1.1/32 Added LISP IPL src, ok
*Apr 27 23:41:16.978: LISPreid: Default:8.8.1.1/32 Created pco 0x6A825820 linked to drop
*Apr 27 23:41:16.982: LISPreid: Default:8.8.1.1/32 Added LISP src, success
*Apr 27 23:41:17.002: LISP-0: Request processing of remote EID prefix map requests.
*Apr 27 23:41:17.010: LISP: Send map request type remote EID prefix
*Apr 27 23:41:17.014: LISP: Send map request for EID prefix IID 0 8.8.1.1/32
*Apr 27 23:41:17.018: LISP-0: Remote EID prefix 8.8.1.1/32, Send map request (1) (method: data-signal, state: incomplete, rlocs: 0).
*Apr 27 23:41:17.022: LISP-0: AF IPv4, Sending map-request from 9.9.29.2 to 8.8.1.1 for EID 8.8.1.1/32, ITR-RLOCs 2, nonce 0x2050AF63-0x1DABF4FD (encap src 26.26.26.2, dst 1.1.1.7).

!! -- MAP-Resolver receives this request and forward it to RLOC -- !!
!! -- 13.13.13.1 -- !!

R7#
*Apr 27 23:41:17.022: LISP: Processing received Encap-Control message from 26.26.26.2 to 1.1.1.7
*Apr 27 23:41:17.030: LISP: Processing received Map-Request message from 9.9.29.2 to 8.8.1.1
*Apr 27 23:41:17.034: LISP: Received map request, source_eid IID 0 9.9.1.1, ITR-RLOCs: 25.25.25.2 26.26.26.2, records 1, nonce 0x2050AF63-0x1DABF4FD
*Apr 27 23:41:17.042: LISP-0: MS EID prefix 8.8.0.0/16 site SITE_A, Forwarding map request to ETR 13.13.13.1.

!! -- R1 receives this Map-request and send direct reply to -- !!
!! -- RLOC 26.26.26.2 -- !!

R1#

*Apr 27 23:41:17.134: LISP: Received map request, source_eid IID 0 9.9.1.1, ITR-RLOCs: 25.25.25.2 26.26.26.2, records 1, nonce 0x2050AF63-0x1DABF4FD
*Apr 27 23:41:17.138: LISP: Parsing mapping record for EID prefix IID 0 9.9.0.0/16
*Apr 27 23:41:17.142: LISP-0: Mapping Record has 2 locators (action none).
*Apr 27 23:41:17.150: LISP: Processing map request record for EID prefix IID 0 8.8.1.1/32
*Apr 27 23:41:17.154: LISP-0: AF IPv4, Route locator 26.26.26.2, src 14.14.14.1 nh 14.14.14.4 if FastEthernet1/1.
*Apr 27 23:41:17.154: LISP-0: AF IPv4, Added mapping record locator 13.13.13.1 (priority 1, weight 100, local, reachable).
*Apr 27 23:41:17.154: LISP-0: AF IPv4, Added mapping record locator 14.14.14.1 (priority 1, weight 50, local, reachable).
*Apr 27 23:41:17.154: LISP-0: AF IPv4, Built mapping record for 8.8.0.0/16 with 2 locators (action none).
*Apr 27 23:41:17.154: LISP-0: Sending map-reply from 14.14.14.1 to 26.26.26.2.
*Apr 27 23:41:17.158: LISP-0: AF IPv4, Sending control packet out of FastEthernet1/1 with next hop 14.14.14.4.
*Apr 27 23:41:17.162: LISP: Processing mapping information for EID prefix IID 0 9.9.0.0/16

At this moment both iTR routers R1 (Site A) and R2 (Site B) has each other’s EID-to-RLOC mapping information.

R1#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 06:47:07, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
9.9.0.0/16, uptime: 00:59:56, expires: 22:59:56, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  25.25.25.2  00:59:56  up           1/100
  26.26.26.2  00:59:56  up           1/50 

R2#sh ip lisp map-cache
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 06:47:44, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
8.8.0.0/16, uptime: 01:00:35, expires: 22:59:18, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  13.13.13.1  01:00:35  up           1/100
  14.14.14.1  01:00:35  up           1/50

!! -- Network communication is working fine between both sites now--!!

R8#ping 9.9.1.1 source 8.8.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.1.1, timeout is 2 seconds:
Packet sent with a source address of 8.8.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/197/204 ms

R8#ping 9.9.2.1 source 8.8.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.2.1, timeout is 2 seconds:
Packet sent with a source address of 8.8.2.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 196/198/208 ms

!! -- The IPv6 connectivity will work between both sites after -- !!
!! -- similar events (MAP-Register, MAP-Request, MAP-Reply etc.) -- !!
!! -- for IPv6 EID-to-RLOC mapping. -- !!

R8#ping 2001:9:9:1::1 source 2001:8:8:1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:9:9:1::1, timeout is 2 seconds:
Packet sent with a source address of 2001:8:8:1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 184/202/216 ms
R8#ping 2001:9:9:2::1 source 2001:8:8:2::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:9:9:2::1, timeout is 2 seconds:
Packet sent with a source address of 2001:8:8:2::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 152/168/180 ms

!! -- Finally you would see lisp map-caching as follows -- !!

R1#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:14:43, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
9.9.0.0/16, uptime: 00:07:27, expires: 23:52:25, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  25.25.25.2  00:07:27  up           1/100
  26.26.26.2  00:07:27  up           1/50 

R1#sh ip lisp map-cache detail 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:14:46, expires: never, via static send map-request
  State: send-map-request, last modified: 00:14:46, map-source: local
  Idle, Packets out: 1 (~ 00:06:46 ago)
  Configured as EID address space
  Negative cache entry, action: send-map-request
9.9.0.0/16, uptime: 00:07:29, expires: 23:52:23, via map-reply, complete
  State: complete, last modified: 00:07:29, map-source: 25.25.25.2
  Idle, Packets out: 34 (~ 00:06:46 ago)
  Locator     Uptime    State      Pri/Wgt
  25.25.25.2  00:07:29  up           1/100
    Last up-down state change:         00:07:29, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never
  26.26.26.2  00:07:29  up           1/50 
    Last up-down state change:         00:07:29, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never


R1#sh ipv6 lisp map-cache 
LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:15:08, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
2001:9:9::/48, uptime: 00:05:42, expires: 23:54:10, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  25.25.25.2  00:05:42  up           1/100
  26.26.26.2  00:05:42  up           1/50 

R1#sh ipv6 lisp map-cache detail
LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:15:13, expires: never, via static send map-request
  State: send-map-request, last modified: 00:15:13, map-source: local
  Idle, Packets out: 1 (~ 00:05:15 ago)
  Configured as EID address space
  Negative cache entry, action: send-map-request
2001:9:9::/48, uptime: 00:05:47, expires: 23:54:05, via map-reply, complete
  State: complete, last modified: 00:05:47, map-source: 25.25.25.2
  Idle, Packets out: 19 (~ 00:04:15 ago)
  Locator     Uptime    State      Pri/Wgt
  25.25.25.2  00:05:47  up           1/100
    Last up-down state change:         00:05:47, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never
  26.26.26.2  00:05:47  up           1/50 
    Last up-down state change:         00:05:47, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never

R2#sh ip lisp map-cache 
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:16:19, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
8.8.0.0/16, uptime: 00:09:03, expires: 23:50:49, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  13.13.13.1  00:09:03  up           1/100
  14.14.14.1  00:09:03  up           1/50 

R2#sh ip lisp map-cache detail
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries

0.0.0.0/0, uptime: 00:16:23, expires: never, via static send map-request
  State: send-map-request, last modified: 00:16:23, map-source: local
  Idle, Packets out: 1 (~ 00:08:23 ago)
  Configured as EID address space
  Negative cache entry, action: send-map-request
8.8.0.0/16, uptime: 00:09:07, expires: 23:50:45, via map-reply, complete
  State: complete, last modified: 00:09:07, map-source: 14.14.14.1
  Idle, Packets out: 33 (~ 00:08:23 ago)
  Locator     Uptime    State      Pri/Wgt
  13.13.13.1  00:09:07  up           1/100
    Last up-down state change:         00:09:07, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never
  14.14.14.1  00:09:07  up           1/50 
    Last up-down state change:         00:09:07, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never

R2#sh ipv6 lisp map-cache     
LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:16:28, expires: never, via static send map-request
  Negative cache entry, action: send-map-request
2001:8:8::/48, uptime: 00:07:02, expires: 23:52:50, via map-reply, complete
  Locator     Uptime    State      Pri/Wgt
  13.13.13.1  00:07:02  up           1/100
  14.14.14.1  00:07:02  up           1/50 

R2#sh ipv6 lisp map-cache detail
LISP IPv6 Mapping Cache for EID-table default (IID 0), 2 entries

::/0, uptime: 00:16:33, expires: never, via static send map-request
  State: send-map-request, last modified: 00:16:33, map-source: local
  Idle, Packets out: 1 (~ 00:06:34 ago)
  Configured as EID address space
  Negative cache entry, action: send-map-request
2001:8:8::/48, uptime: 00:07:07, expires: 23:52:45, via map-reply, complete
  State: complete, last modified: 00:07:07, map-source: 14.14.14.1
  Idle, Packets out: 18 (~ 00:05:34 ago)
  Locator     Uptime    State      Pri/Wgt
  13.13.13.1  00:07:07  up           1/100
    Last up-down state change:         00:07:07, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never
  14.14.14.1  00:07:07  up           1/50 
    Last up-down state change:         00:07:07, state change count: 1
    Last route reachability change:    never, state change count: 0
    Last priority / weight change:     never/never
    RLOC-probing loc-status algorithm:
      Last RLOC-probe sent:            never


R8#traceroute 9.9.1.1 source 8.8.1.1
Type escape sequence to abort.
Tracing the route to 9.9.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 8.8.18.1 56 msec 44 msec 68 msec
  2 14.14.14.4 76 msec 76 msec 112 msec
  3 1.1.46.6 108 msec 152 msec 108 msec
  4 1.1.56.5 180 msec 152 msec 156 msec
  5 25.25.25.2 200 msec 196 msec 208 msec
  6 9.9.29.9 192 msec *  200 msec

R8#traceroute 
Protocol [ip]: ipv6
Target IPv6 address: 2001:9:9:1::1
Source address: 2001:8:8:1::1
Insert source routing header? [no]: 
Numeric display? [no]: 
Timeout in seconds [3]: 
Probe count [3]: 
Minimum Time to Live [1]: 
Maximum Time to Live [30]: 
Priority [0]: 
Port Number [0]: 
Type escape sequence to abort.
Tracing the route to 2001:9:9:1::1

  1 2001:8:8:18::1 56 msec 48 msec 36 msec
  2 2001:9:9:29::2 188 msec 140 msec 200 msec
  3 2001:9:9:29::9 172 msec 192 msec 172 msec

 

BGP Outbound Route Filtering – ORF

When a customer connects a CE router to provider PE router for BGP peering, there are limited options for what routes a CE can receive from PE via BGP. Usually Service provider give the customer option of sending Full BGP table, just a default route, or some specific prefix such as default route + service provider’s locally originated prefix. Normally service provider do not want to implement complex outbound route filter policy for the customer. And customer implement a inbound route filter policy to receive prefix whatever they required.

From administrative point of view service provider is happy as they don’t have to worry about the change request coming from customer to add or remove the prefix in provider to customer advertisements.

Similarly, customer don’t have to submit a change request to service provider and can modify inbound filter policy as per their requirements.

But from a resources usage point of view this is not a optimal design. Provider router is still sending full bgp table (around 500k prefix) and customer router also process all of the BGP updates and ultimately just wanted to accept a few prefixes (sometime 1-2%) and deny all others.

Here, BGP Outbound Route Filtering capability plays a significant role to optimize this design without increasing the administrative overhead for service provider to make frequent changes for filtering prefix advertisements to the customer.

With BGP ORF capability, CE router tells dynamically PE Routers what outbound filter PE should use to advertise prefix to the CE.

Let’s configure this feature and see how it works. We will use following network topology for this discussion.

orf-topology

Here is the initial BGP configuration and status on both routers:

PE Router

- BGP Peering is UP between PE and CE Router
- PE is advertising full bgp table to CE

R2#sh run | s bgp
router bgp 200
 bgp log-neighbor-changes
 network 0.0.0.0
 network 2.2.1.0 mask 255.255.255.0
 network 2.2.2.0 mask 255.255.255.0
 network 2.2.3.0 mask 255.255.255.0
 network 2.2.4.0 mask 255.255.255.0
 network 2.2.5.0 mask 255.255.255.0
 neighbor 1.1.1.1 remote-as 100

R2#sh ip bgp sum | b Nei
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100       5       6        7    0    0 00:01:39        0

R2#sh ip bgp
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i
 *>  2.2.4.0/24       0.0.0.0                  0         32768 i
 *>  2.2.5.0/24       0.0.0.0                  0         32768 i

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i
 *>  2.2.4.0/24       0.0.0.0                  0         32768 i
 *>  2.2.5.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 6

 

CE Router

- BGP Peering is UP between CE and PE Router
- CE is receiving full bgp table from PE

R1#sh run | s bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 200

R1#sh ip bgp sum | b Nei
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4          200      12      12       19    0    0 00:07:35        6

R1#sh ip bgp
BGP table version is 19, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.3.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.4.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.5.0/24       1.1.1.2                  0             0 200 i

Let’s first apply inbound filter on CE Router. CE want to accept below prefix only:

Default route + 2 specific prefix
0.0.0.0/0
2.2.1.0/24
2.2.2.0/24

R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list FILTER permit 0.0.0.0/0
R1(config)#ip prefix-list FILTER permit 2.2.1.0/24
R1(config)#ip prefix-list FILTER permit 2.2.2.0/24
R1(config)#
R1(config)#router bgp 100
R1(config-router)# neighbor 1.1.1.2 prefix-list FILTER in
R1(config-router)#
R1(config-router)#end
R1#
*Apr  8 12:09:58.667: %SYS-5-CONFIG_I: Configured from console by console
R1#clear ip bgp * soft
R1#sh ip bgp
BGP table version is 22, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i

 

it appears our requirement is fulfilled but there is something not optimal behind the scene. Let’s debug the BGP advertisements.

PE is still advertising full BGP table to CE.

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i
 *>  2.2.4.0/24       0.0.0.0                  0         32768 i
 *>  2.2.5.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 6
We can see before accepting the required 3 prefixes in BGP table, CE router has processed all received prefixes from PE and denied the prefixes which are not permitted in the inbound prefix-list applied for neighbor 1.1.1.2 on CE router. Just imagine the resources usage if it was the actual full bgp table of 500K prefixes.

R1#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast
R1#
R1#clear ip bgp 1.1.1.2
R1#
*Apr  8 12:15:10.551: BGP(0): no valid path for 0.0.0.0/0
*Apr  8 12:15:10.555: BGP(0): no valid path for 2.2.1.0/24
*Apr  8 12:15:10.559: BGP(0): no valid path for 2.2.2.0/24
*Apr  8 12:15:10.567: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Down User reset
*Apr  8 12:15:10.571: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.2 IPv4 Unicast topology base removed from session  User reset
*Apr  8 12:15:10.575: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 0.0.0.0/0
*Apr  8 12:15:10.583: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.1.0/24
*Apr  8 12:15:10.591: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.2.0/24
*Apr  8 12:15:10.883: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up
*Apr  8 12:15:10.979: BGP(0): 1.1.1.2 rcvd UPDATE w/ attr: nexthop 1.1.1.2, origin i, metric 0, merged path 200, AS_PATH
*Apr  8 12:15:10.991: BGP(0): 1.1.1.2 rcvd 0.0.0.0/0
*Apr  8 12:15:10.995: BGP(0): 1.1.1.2 rcvd 2.2.1.0/24
*Apr  8 12:15:10.999: BGP(0): 1.1.1.2 rcvd 2.2.2.0/24
*Ap
R1#r  8 12:15:11.003: BGP(0): 1.1.1.2 rcvd 2.2.3.0/24 -- DENIED due to: distribute/prefix-list;
*Apr  8 12:15:11.007: BGP(0): 1.1.1.2 rcvd 2.2.4.0/24 -- DENIED due to: distribute/prefix-list;
*Apr  8 12:15:11.011: BGP(0): 1.1.1.2 rcvd 2.2.5.0/24 -- DENIED due to: distribute/prefix-list;
*Apr  8 12:15:11.015: BGP(0): Revise route installing 1 of 1 routes for 0.0.0.0/0 -> 1.1.1.2(global) to main IP table
*Apr  8 12:15:11.015: BGP(0): Revise route installing 1 of 1 routes for 2.2.1.0/24 -> 1.1.1.2(global) to main IP table
*Apr  8 12:15:11.019: BGP(0): Revise route installing 1 of 1 routes for 2.2.2.0/24 -> 1.1.1.2(global) to main IP table

R1#sh ip bgp
BGP table version is 34, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i

Let’s try BGP ORF feature now.

CE Router - R1

R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list FILTER permit 0.0.0.0/0
R1(config)#ip prefix-list FILTER permit 2.2.1.0/24
R1(config)#ip prefix-list FILTER permit 2.2.2.0/24
R1(config)#
R1(config)#router bgp 100
R1(config-router)#neighbor 1.1.1.2 capability orf prefix-list send
R1(config-router)# neighbor 1.1.1.2 prefix-list FILTER in
R1(config-router)#end
*Apr  8 12:22:38.879: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Down Capability changed
*Apr  8 12:22:38.883: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.2 IPv4 Unicast topology base removed from session  Capability changed
*Apr  8 12:22:39.391: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up


PE Router - R2

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router bgp 200
R2(config-router)#neighbor 1.1.1.1 capability orf prefix-list receive
R2(config-router)#
*Apr  8 12:26:25.267: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down Capability changed
*Apr  8 12:26:25.271: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.1 IPv4 Unicast topology base removed from session  Capability changed
*Apr  8 12:26:25.955: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
R2(config-router)#
R2(config-router)#end
R2#

Verification:

CE Router (R1) has negotiated ORF capability with neighbor router (PE R2) and sent the prefix-list ORF to PE neighbor. 

R1#sh ip bgp neighbors 1.1.1.2

<snip>

 For address family: IPv4 Unicast
  Session: 1.1.1.2
  BGP table version 46, neighbor version 46/0
  Output queue size : 0
  Index 7, Advertise bit 0
  7 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode: advertised
      Receive-mode: received
  Outbound Route Filter (ORF): sent;
  Incoming update prefix filter list is FILTER

<snip>
PE Router (R2) has negotiated ORF capability with neighbor router (CE R1) and received the prefix-list ORF from CE neighbor.

R2#sh ip bgp neighbors 1.1.1.1

<snip>

 For address family: IPv4 Unicast
  Session: 1.1.1.1
  BGP table version 7, neighbor version 7/0
  Output queue size : 0
  Index 7, Advertise bit 0
  7 update-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode: received
      Receive-mode: advertised
  Outbound Route Filter (ORF): received (3 entries)

<snip> 


R2#sh ip bgp neighbors 1.1.1.1 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 1.1.1.1: 3 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
R2#

!! -- You can see there is no local prefix-list in running configuration of R2 --!!

R2#sh ip prefix-list
R2#

!! -- Now R2 is advertising only those prefixes to neighbor which are permitted in ORF prefix-list --!! 

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 3
Let's debug bgp updates on R1 to see what it is receiving.
It is receiving only required prefix from neighbor. There is no extra CPU resources used for processing unnecessary updates.

R1#debug ip bgp updates
BGP updates debugging is on for address family: IPv4 Unicast

R1#clear ip bgp 1.1.1.2
R1#
*Apr  8 13:10:36.119: BGP(0): no valid path for 0.0.0.0/0
*Apr  8 13:10:36.123: BGP(0): no valid path for 2.2.1.0/24
*Apr  8 13:10:36.123: BGP(0): no valid path for 2.2.2.0/24
*Apr  8 13:10:36.135: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Down User reset
*Apr  8 13:10:36.139: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.2 IPv4 Unicast topology base removed from session  User reset
*Apr  8 13:10:36.143: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 0.0.0.0/0
*Apr  8 13:10:36.147: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.1.0/24
*Apr  8 13:10:36.155: BGP: topo global:IPv4 Unicast:base Remove_fwdroute for 2.2.2.0/24
R1#
*Apr  8 13:10:37.291: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up
*Apr  8 13:10:38.219: BGP(0): 1.1.1.2 rcvd UPDATE w/ attr: nexthop 1.1.1.2, origin i, metric 0, merged path 200, AS_PATH
*Apr  8 13:10:38.227: BGP(0): 1.1.1.2 rcvd 0.0.0.0/0
*Apr  8 13:10:38.231: BGP(0): 1.1.1.2 rcvd 2.2.1.0/24
*Apr  8 13:10:38.235: BGP(0): 1.1.1.2 rcvd 2.2.2.0/24
*Apr  8 13:10:38.239: BGP(0): Revise route installing 1 of 1 routes for 0.0.0.0/0 -> 1.1.1.2(global) to main IP table
*Apr  8 13:10:38.247: BGP(0): Revise route installing 1 of 1 routes for 2.2.1.0/24 -> 1.1.1.2(global) to main IP table
*Apr  8 13:10:38.247: BGP(0): Revise route installing 1 of 1 routes for 2.2.2.0/24 -> 1.1.1.2(global) to main IP table
R1#
In future, if CE want to receive one more prefix 2.2.3.0/24 from PE. CE just have to modify its prefix-list.

!!-- Existing prefix-list --!!
R1#sh ip prefix-list
ip prefix-list FILTER: 3 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list FILTER seq 20 permit 2.2.3.0/24
R1(config)#
R1(config)#end
R1#
*Apr  8 13:15:03.579: %SYS-5-CONFIG_I: Configured from console by console

!!-- New prefix-list --!!
R1#sh ip prefix-list
ip prefix-list FILTER: 4 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
   seq 20 permit 2.2.3.0/24
R1#

R1#clear ip bgp 1.1.1.2 in ?
  prefix-filter  Push out prefix-list ORF and do inbound soft reconfig
  <cr>
R1#clear ip bgp 1.1.1.2 in prefix-filter


R2 has the updated prefix-filter now.

R2#sh ip bgp neighbors 1.1.1.1 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 1.1.1.1: 4 entries
   seq 5 permit 0.0.0.0/0
   seq 10 permit 2.2.1.0/24
   seq 15 permit 2.2.2.0/24
   seq 20 permit 2.2.3.0/24

R2 advertised prefixes based on the updated prefix-filter

R2#sh ip bgp neighbors 1.1.1.1 advertised-routes
BGP table version is 7, local router ID is 2.2.5.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  2.2.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  2.2.3.0/24       0.0.0.0                  0         32768 i

Total number of prefixes 4

R1 has the required prefixes in its BGP table. 

R1#sh ip bgp
BGP table version is 59, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          1.1.1.2                  0             0 200 i
 *>  2.2.1.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.2.0/24       1.1.1.2                  0             0 200 i
 *>  2.2.3.0/24       1.1.1.2                  0             0 200 i

BGP Default Route

We will discuss the different ways to advertise a default route in BGP. We will use following network topology for the same.

bgp-default-route

1. default-information originate

A default route can be injected into BGP with the command ‘default-information originate’. Following conditions must be fulfilled to use this method.

– A default route must be in the local routing table.
– The default route must be redistributed into the BGP
– Add ‘default-information originate’ under router bgp <ASN>

Here is the initial configuration and BGP status on all routers.

R1

R2

R3

R4

Let’s first try to add a static default route and redistribute it into BGP on R1.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 null0
R1(config)#router bgp 100
R1(config-router)#redistribute static
R1(config-router)#
R1(config-router)#do sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 redistribute static
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1(config-router)#do sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 1, metric 0 (connected), candidate default path
  Redistributing via bgp 100
  Routing Descriptor Blocks:
  * directly connected, via Null0
      Route metric is 0, traffic share count is 1
R1(config-router)#
R1(config-router)#do sh ip bgp
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1(config-router)#

R1 is not yet advertising default route into BGP. It shows that simply redistributing a default route into BGP would not help. Let’s add a ‘default-information originate’ under BGP.

R1(config-router)#router bgp 100
R1(config-router)#default-information originate
R1(config-router)#do sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 redistribute static
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
 default-information originate
R1(config-router)#do sh ip bgp
BGP table version is 11, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 ?
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1(config-router)#

Now you can see all BGP peers (iBGP and eBGP) are receiving default route information from R1.

R2#sh ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          12.12.12.1               0             0 100 ?
 *>  1.1.1.0/24       12.12.12.1               0             0 100 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       12.12.12.1                             0 100 300 i
 *>  4.4.4.0/24       12.12.12.1                             0 100 i
R2#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 200", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 12.12.12.1 00:02:25 ago
  Routing Descriptor Blocks:
  * 12.12.12.1, from 12.12.12.1, 00:02:25 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R2#
R3#sh ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          13.13.13.1               0             0 100 ?
 *>  1.1.1.0/24       13.13.13.1               0             0 100 i
 *>  2.2.2.0/24       13.13.13.1                             0 100 200 i
 *>  3.3.3.0/24       0.0.0.0                  0         32768 i
 *>  4.4.4.0/24       13.13.13.1                             0 100 i
R3#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 300", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 13.13.13.1 00:04:36 ago
  Routing Descriptor Blocks:
  * 13.13.13.1, from 13.13.13.1, 00:04:36 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R3#
R4#sh ip bgp
BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 0.0.0.0          14.14.14.1               0    100      0 ?
 r>i 1.1.1.0/24       14.14.14.1               0    100      0 i
 *>i 2.2.2.0/24       14.14.14.1               0    100      0 200 i
 *>i 3.3.3.0/24       14.14.14.1               0    100      0 300 i
 *>  4.4.4.0/24       0.0.0.0                  0         32768 i
R4#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 100", distance 200, metric 0, candidate default path, type internal
  Last update from 14.14.14.1 00:05:21 ago
  Routing Descriptor Blocks:
  * 14.14.14.1, from 14.14.14.1, 00:05:21 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: none

 

2. network 0.0.0.0

A default route can be injected into BGP with configuration of ‘network 0.0.0.0’ under BGP if a default route is available in the local routing table of a router.

Following conditions must be fulfilled to use this method.

– A default route must be in the local routing table.
– Add ‘network 0.0.0.0’ under router bgp <ASN>

Let’s remove previously configured ‘default-information originate’ and ‘redistribute static’ commands and use ‘network 0.0.0.0’.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 100
R1(config-router)#no default-information originate
R1(config-router)#no redistribute static
R1(config-router)#network 0.0.0.0
R1(config-router)#do sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 0.0.0.0
 network 1.1.1.0 mask 255.255.255.0
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1(config-router)#end
R1#sh ip
*Mar 24 11:42:36.623: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip bgp
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          0.0.0.0                  0         32768 i
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1#

Let’s verify BGP table and default route on peer routers.

R2#sh ip bgp
BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          12.12.12.1               0             0 100 i
 *>  1.1.1.0/24       12.12.12.1               0             0 100 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       12.12.12.1                             0 100 300 i
 *>  4.4.4.0/24       12.12.12.1                             0 100 i
R2#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 200", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 12.12.12.1 00:01:54 ago
  Routing Descriptor Blocks:
  * 12.12.12.1, from 12.12.12.1, 00:01:54 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R3#sh ip bgp
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          13.13.13.1               0             0 100 i
 *>  1.1.1.0/24       13.13.13.1               0             0 100 i
 *>  2.2.2.0/24       13.13.13.1                             0 100 200 i
 *>  3.3.3.0/24       0.0.0.0                  0         32768 i
 *>  4.4.4.0/24       13.13.13.1                             0 100 i
R3#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 300", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 13.13.13.1 00:02:17 ago
  Routing Descriptor Blocks:
  * 13.13.13.1, from 13.13.13.1, 00:02:17 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R4#sh ip bgp
BGP table version is 10, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 0.0.0.0          14.14.14.1               0    100      0 i
 r>i 1.1.1.0/24       14.14.14.1               0    100      0 i
 *>i 2.2.2.0/24       14.14.14.1               0    100      0 200 i
 *>i 3.3.3.0/24       14.14.14.1               0    100      0 300 i
 *>  4.4.4.0/24       0.0.0.0                  0         32768 i
R4#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 100", distance 200, metric 0, candidate default path, type internal
  Last update from 14.14.14.1 00:03:06 ago
  Routing Descriptor Blocks:
  * 14.14.14.1, from 14.14.14.1, 00:03:06 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: none

 

3. neighbor x.x.x.x default-originate

If you want to advertise default route to a specific peer, this is the method for that requirement.

– Add ‘neighbor x.x.x.x default-originate’ under router bgp <ASN>
– It does not even check for the existence of a default route in the IP routing table
– The ‘default-information originate’ command should not be configured with the ‘neighbor x.x.x.x default-originate’ command on the same router

Let’s remove previously configured commands.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip route 0.0.0.0 0.0.0.0 Null0
R1(config)#router bgp 100
R1(config-router)#no  network 0.0.0.0
R1(config-router)#end
R1#sh run
*Mar 24 11:50:22.479: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 12.12.12.2 remote-as 200
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1#sh ip route 0.0.0.0
% Network not in table
R1#sh ip bgp
BGP table version is 14, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i

Now advertise default route only to R2.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 100
R1(config-router)#neighbor 12.12.12.2 default-originate
R1(config-router)#end
R1#s
*Mar 24 11:53:46.471: %SYS-5-CONFIG_I: Configured from console by consoleh
R1#sh run | s bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.0 mask 255.255.255.0
 neighbor 12.12.12.2 remote-as 200
 neighbor 12.12.12.2 default-originate
 neighbor 13.13.13.3 remote-as 300
 neighbor 14.14.14.4 remote-as 100
 neighbor 14.14.14.4 next-hop-self
R1#clear ip bgp 12.12.12.2 soft
R1#sh ip bgp
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i
R1#sh ip route 0.0.0.0
% Network not in table
R1#

Notice there is no default route available in local routing table of R1 and bgp table also shows there is no best route (no *> status) for 0.0.0.0 network.

Let’s verify what R1 is advertising to its peers.

R1#sh ip bgp neighbors 12.12.12.2 advertised-routes
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Originating default network 0.0.0.0

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i

Total number of prefixes 3

R1#sh ip bgp neighbors 13.13.13.3 advertised-routes
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       0.0.0.0                  0         32768 i
 *>  2.2.2.0/24       12.12.12.2               0             0 200 i
 *>  3.3.3.0/24       13.13.13.3               0             0 300 i
 r>i 4.4.4.0/24       14.14.14.4               0    100      0 i

Total number of prefixes 4

## No default route advertised to R3(13.13.13.3)

Finally, verify BGP table and routing table on all peer routers.

R2#sh ip bgp
BGP table version is 14, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          12.12.12.1                             0 100 i
 *>  1.1.1.0/24       12.12.12.1               0             0 100 i
 *>  2.2.2.0/24       0.0.0.0                  0         32768 i
 *>  3.3.3.0/24       12.12.12.1                             0 100 300 i
 *>  4.4.4.0/24       12.12.12.1                             0 100 i
R2#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 200", distance 20, metric 0, candidate default path
  Tag 100, type external
  Last update from 12.12.12.1 00:08:27 ago
  Routing Descriptor Blocks:
  * 12.12.12.1, from 12.12.12.1, 00:08:27 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 100
      MPLS label: none
R3#sh ip bgp
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       13.13.13.1               0             0 100 i
 *>  2.2.2.0/24       13.13.13.1                             0 100 200 i
 *>  3.3.3.0/24       0.0.0.0                  0         32768 i
 *>  4.4.4.0/24       13.13.13.1                             0 100 i
R3#sh ip route 0.0.0.0
% Network not in table
R4#sh ip bgp
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 r>i 1.1.1.0/24       14.14.14.1               0    100      0 i
 *>i 2.2.2.0/24       14.14.14.1               0    100      0 200 i
 *>i 3.3.3.0/24       14.14.14.1               0    100      0 300 i
 *>  4.4.4.0/24       0.0.0.0                  0         32768 i
R4#sh ip route 0.0.0.0
% Network not in table

Route Leak between VRFs with Import MAP

We will discuss route-leaking between VRFs using different import-map techniques in this session.

Here is the network topology for our discussion.

mpls-vrf-import

 

Task requirement: On R1, VRF AAA should import prefix 10.4.2.0/24 from ASN 444 and 10.6.1.0/24 from ASN 666.

 

Pre-Configuration of devices:

R1:

hostname R1
!
vrf definition AAA
 rd 333:3
 !
 address-family ipv4
 route-target export 333:3
 route-target import 333:3
 exit-address-family
!
interface Loopback0
 ip address 172.16.0.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 172.16.12.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet1/0
 vrf forwarding AAA
 ip address 172.16.13.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
!
router bgp 100
 bgp router-id 172.16.0.1
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 172.16.0.2 remote-as 100
 neighbor 172.16.0.2 update-source Loopback0
 !
 address-family ipv4
  no synchronization
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor 172.16.0.2 activate
  neighbor 172.16.0.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf AAA
  no synchronization
  redistribute connected
  neighbor 172.16.13.3 remote-as 333
  neighbor 172.16.13.3 activate
 exit-address-family
!
end



R2:


hostname R2
!
vrf definition BBB
 rd 444:4
 !
 address-family ipv4
 route-target export 444:4
 route-target import 444:4
 exit-address-family
!
vrf definition CCC
 rd 666:6
 !
 address-family ipv4
 route-target export 666:6
 route-target import 666:6
 exit-address-family
!
interface Loopback0
 ip address 172.16.0.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 172.16.12.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet1/0
 vrf forwarding BBB
 ip address 172.16.24.2 255.255.255.0
!
interface FastEthernet1/1
 vrf forwarding CCC
 ip address 172.16.26.2 255.255.255.0
!
router ospf 1
 log-adjacency-changes
!
router bgp 100
 bgp router-id 172.16.0.2
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 172.16.0.1 remote-as 100
 neighbor 172.16.0.1 update-source Loopback0
 !
 address-family ipv4
  no synchronization
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor 172.16.0.1 activate
  neighbor 172.16.0.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BBB
  no synchronization
  redistribute connected
  neighbor 172.16.24.4 remote-as 444
  neighbor 172.16.24.4 activate
 exit-address-family
 !
 address-family ipv4 vrf CCC
  no synchronization
  redistribute connected
  neighbor 172.16.26.6 remote-as 666
  neighbor 172.16.26.6 activate
 exit-address-family
!


R3:

hostname R3
!
interface Loopback1
 ip address 10.3.1.1 255.255.255.0
!
interface Loopback2
 ip address 10.3.2.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.16.13.3 255.255.255.0
!
router bgp 333
 no synchronization
 bgp router-id 172.16.13.3
 bgp log-neighbor-changes
 network 10.3.1.0 mask 255.255.255.0
 network 10.3.2.0 mask 255.255.255.0
 neighbor 172.16.13.1 remote-as 100
 no auto-summary
!

R4:

hostname R4
!
interface Loopback1
 ip address 10.4.1.1 255.255.255.0
!
interface Loopback2
 ip address 10.4.2.1 255.255.255.0
!
interface Loopback192
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.16.24.4 255.255.255.0
!
router bgp 444
 no synchronization
 bgp router-id 172.16.24.4
 bgp log-neighbor-changes
 network 10.4.1.0 mask 255.255.255.0
 network 10.4.2.0 mask 255.255.255.0
 network 192.168.1.0
 neighbor 172.16.24.2 remote-as 100
 no auto-summary
!


R6:

hostname R6
!
interface Loopback1
 ip address 10.6.1.1 255.255.255.0
!
interface Loopback2
 ip address 10.6.2.1 255.255.255.0
!
interface Loopback192
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.16.26.6 255.255.255.0
!
router bgp 666
 no synchronization
 bgp router-id 172.16.26.6
 bgp log-neighbor-changes
 network 10.6.1.0 mask 255.255.255.0
 network 10.6.2.0 mask 255.255.255.0
 network 192.168.1.0
 neighbor 172.16.26.2 remote-as 100
 no auto-summary
!

All BGP neighborships are UP and Routers are advertising their respective prefixes into BGP.

R1#sh bgp all summary 
For address family: VPNv4 Unicast
BGP router identifier 172.16.0.1, local AS number 100
BGP table version is 4, main routing table version 4
3 network entries using 456 bytes of memory
3 path entries using 156 bytes of memory
5/2 BGP path/bestpath attribute entries using 660 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
3 BGP extended community entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1368 total bytes of memory
BGP activity 6/3 prefixes, 6/3 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.0.2      4          100       8       4        4    0    0 00:01:15        0
172.16.13.3     4          333       6       3        4    0    0 00:01:15        2

R1#sh bgp vpnv4 unicast all 
BGP table version is 12, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:3 (default for vrf AAA)
*> 10.3.1.0/24      172.16.13.3              0             0 333 i
*> 10.3.2.0/24      172.16.13.3              0             0 333 i
*> 172.16.13.0/24   0.0.0.0                  0         32768 ?
Route Distinguisher: 444:4
*>i10.4.1.0/24      172.16.0.2               0    100      0 444 i
*>i10.4.2.0/24      172.16.0.2               0    100      0 444 i
*>i172.16.24.0/24   172.16.0.2               0    100      0 ?
*>i192.168.1.0      172.16.0.2               0    100      0 444 i
Route Distinguisher: 666:6
*>i10.6.1.0/24      172.16.0.2               0    100      0 666 i
*>i10.6.2.0/24      172.16.0.2               0    100      0 666 i
*>i172.16.26.0/24   172.16.0.2               0    100      0 ?
*>i192.168.1.0      172.16.0.2               0    100      0 666 i



R2#sh bgp all summary 
For address family: VPNv4 Unicast
BGP router identifier 172.16.0.2, local AS number 100
BGP table version is 9, main routing table version 9
8 network entries using 1216 bytes of memory
8 path entries using 416 bytes of memory
6/4 BGP path/bestpath attribute entries using 792 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
2 BGP extended community entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2520 total bytes of memory
BGP activity 22/14 prefixes, 22/14 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.0.1      4          100       6       9        9    0    0 00:01:40        0
172.16.24.4     4          444       6       6        9    0    0 00:01:45        3
172.16.26.6     4          666       6       6        9    0    0 00:01:45        3

R2#sh bgp vpnv4 unicast all 
BGP table version is 12, local router ID is 172.16.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:3
*>i10.3.1.0/24      172.16.0.1               0    100      0 333 i
*>i10.3.2.0/24      172.16.0.1               0    100      0 333 i
*>i172.16.13.0/24   172.16.0.1               0    100      0 ?
Route Distinguisher: 444:4 (default for vrf BBB)
*> 10.4.1.0/24      172.16.24.4              0             0 444 i
*> 10.4.2.0/24      172.16.24.4              0             0 444 i
*> 172.16.24.0/24   0.0.0.0                  0         32768 ?
*> 192.168.1.0      172.16.24.4              0             0 444 i
Route Distinguisher: 666:6 (default for vrf CCC)
*> 10.6.1.0/24      172.16.26.6              0             0 666 i
*> 10.6.2.0/24      172.16.26.6              0             0 666 i
*> 172.16.26.0/24   0.0.0.0                  0         32768 ?
*> 192.168.1.0      172.16.26.6              0             0 666 i



R3#sh ip bgp summary 
BGP router identifier 172.16.13.3, local AS number 333
BGP table version is 29, main routing table version 29
3 network entries using 384 bytes of memory
3 path entries using 156 bytes of memory
2/2 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 812 total bytes of memory
BGP activity 14/11 prefixes, 15/12 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.13.1     4          100      11      12       29    0    0 00:07:10        1

R3#sh ip bgp 
BGP table version is 29, local router ID is 172.16.13.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.3.1.0/24      0.0.0.0                  0         32768 i
*> 10.3.2.0/24      0.0.0.0                  0         32768 i
r> 172.16.13.0/24   172.16.13.1              0             0 100 ?


R3#sh ip route     
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.3.1.0/24 is directly connected, Loopback1
L        10.3.1.1/32 is directly connected, Loopback1
C        10.3.2.0/24 is directly connected, Loopback2
L        10.3.2.1/32 is directly connected, Loopback2
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.13.0/24 is directly connected, FastEthernet0/0
L        172.16.13.3/32 is directly connected, FastEthernet0/0



R4#sh ip bgp sum
BGP router identifier 172.16.24.4, local AS number 444
BGP table version is 31, main routing table version 31
4 network entries using 512 bytes of memory
4 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 992 total bytes of memory
BGP activity 14/10 prefixes, 17/13 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.24.2     4          100      13      14       31    0    0 00:08:25        1

R4#sh ip bgp
BGP table version is 31, local router ID is 172.16.24.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.4.1.0/24      0.0.0.0                  0         32768 i
*> 10.4.2.0/24      0.0.0.0                  0         32768 i
r> 172.16.24.0/24   172.16.24.2              0             0 100 ?
*> 192.168.1.0      0.0.0.0                  0         32768 i

R4#sh ip route 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.4.1.0/24 is directly connected, Loopback1
L        10.4.1.1/32 is directly connected, Loopback1
C        10.4.2.0/24 is directly connected, Loopback2
L        10.4.2.1/32 is directly connected, Loopback2
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.24.0/24 is directly connected, FastEthernet0/0
L        172.16.24.4/32 is directly connected, FastEthernet0/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Loopback192
L        192.168.1.1/32 is directly connected, Loopback192




R6#sh ip bgp sum
BGP router identifier 172.16.26.6, local AS number 666
BGP table version is 33, main routing table version 33
4 network entries using 512 bytes of memory
4 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 992 total bytes of memory
BGP activity 13/9 prefixes, 18/14 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.26.2     4          100      14      14       33    0    0 00:09:03        1

R6#sh ip bgp
BGP table version is 33, local router ID is 172.16.26.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.6.1.0/24      0.0.0.0                  0         32768 i
*> 10.6.2.0/24      0.0.0.0                  0         32768 i
r> 172.16.26.0/24   172.16.26.2              0             0 100 ?
*> 192.168.1.0      0.0.0.0                  0         32768 i

R6#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.6.1.0/24 is directly connected, Loopback1
L        10.6.1.1/32 is directly connected, Loopback1
C        10.6.2.0/24 is directly connected, Loopback2
L        10.6.2.1/32 is directly connected, Loopback2
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.26.0/24 is directly connected, FastEthernet0/0
L        172.16.26.6/32 is directly connected, FastEthernet0/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Loopback192
L        192.168.1.1/32 is directly connected, Loopback192

 If we see the configuration on R2 ASN 444 prefixes are exported with route-target value 444:4. This is extended community attached to all prefixes exported into BGP table from VRF BBB.

We can verify the same with show output on R2 for any route of VRF BBB.

R2#sh bgp vpnv4 unicast vrf BBB 10.4.2.0
BGP routing table entry for 444:4:10.4.2.0/24, version 3
Paths: (1 available, best #1, table BBB)
  Advertised to update-groups:
     7         
  444
    172.16.24.4 from 172.16.24.4 (172.16.24.4)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended Community: RT:444:4
      mpls labels in/out 34/nolabel

Let’s import prefix from ASN 444 into VRF AAA on router R1.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#vrf definition AAA
R1(config-vrf)#address-family ipv4
R1(config-vrf-af)#route-target import ?
 ASN:nn or IP-address:nn Target VPN Extended Community

R1(config-vrf-af)#route-target import 444:4
R1(config-vrf-af)#end
R1#

We can see the prefixes with extended community value 444:4 are imported into VRF AAA now. And the same would be advertised to BGP Peer R3.

R1#sh bgp vpnv4 unicast all 
BGP table version is 16, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
 r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

 Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 333:3 (default for vrf AAA)
*> 10.3.1.0/24 172.16.13.3 0 0 333 i
*> 10.3.2.0/24 172.16.13.3 0 0 333 i
*>i10.4.1.0/24 172.16.0.2 0 100 0 444 i
*>i10.4.2.0/24 172.16.0.2 0 100 0 444 i
*> 172.16.13.0/24 0.0.0.0 0 32768 ?
*>i172.16.24.0/24 172.16.0.2 0 100 0 ?
*>i192.168.1.0 172.16.0.2 0 100 0 444 i
Route Distinguisher: 444:4
*>i10.4.1.0/24 172.16.0.2 0 100 0 444 i
*>i10.4.2.0/24 172.16.0.2 0 100 0 444 i
*>i172.16.24.0/24 172.16.0.2 0 100 0 ?
*>i192.168.1.0 172.16.0.2 0 100 0 444 i
Route Distinguisher: 666:6
*>i10.6.1.0/24 172.16.0.2 0 100 0 666 i
 Network Next Hop Metric LocPrf Weight Path
*>i10.6.2.0/24 172.16.0.2 0 100 0 666 i
*>i172.16.26.0/24 172.16.0.2 0 100 0 ?
*>i192.168.1.0 172.16.0.2 0 100 0 666 i

 BGP Table and Route table on R3:

R3#sh ip bgp sum
BGP router identifier 172.16.13.3, local AS number 333
BGP table version is 33, main routing table version 33
7 network entries using 896 bytes of memory
7 path entries using 364 bytes of memory
4/4 BGP path/bestpath attribute entries using 496 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1804 total bytes of memory
BGP activity 18/11 prefixes, 19/12 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.13.1     4          100      44      44       33    0    0 00:35:47        5

R3#sh ip bgp
BGP table version is 33, local router ID is 172.16.13.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.3.1.0/24      0.0.0.0                  0         32768 i
*> 10.3.2.0/24      0.0.0.0                  0         32768 i
*> 10.4.1.0/24      172.16.13.1                            0 100 444 i
*> 10.4.2.0/24      172.16.13.1                            0 100 444 i
r> 172.16.13.0/24   172.16.13.1              0             0 100 ?
*> 172.16.24.0/24   172.16.13.1                            0 100 ?
*> 192.168.1.0      172.16.13.1                            0 100 444 i

R3#sh ip route bgp 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.4.1.0/24 [20/0] via 172.16.13.1, 00:02:43
B        10.4.2.0/24 [20/0] via 172.16.13.1, 00:02:43
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B        172.16.24.0/24 [20/0] via 172.16.13.1, 00:02:43
B     192.168.1.0/24 [20/0] via 172.16.13.1, 00:02:43

But we are receiving more prefix (all prefix advertised by R4) than our requirement.
We can use route-map with import-map under VRF to filter prefix as per our requirement.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list R4-SELECTIVE-PREFIX seq 5 permit 10.4.2.0/24
R1(config)#
R1(config)#route-map AAA-VRF-IMPORT permit 10
R1(config-route-map)#match ip address prefix-list R4-SELECTIVE-PREFIX
R1(config-route-map)#exit
R1(config)#
R1(config)#vrf definition AAA
R1(config-vrf)#address-family ipv4
R1(config-vrf-af)#import map AAA-VRF-IMPORT
R1(config-vrf-af)#end
R1#
R1#clear bgp vpnv4 unicast * soft

Let’s do the same for import prefix from VRF CCC.

R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list R6-SELECTIVE-PREFIX seq 5 permit 10.6.1.0/24
R1(config)#
R1(config)#route-map AAA-VRF-IMPORT permit 20
R1(config-route-map)#match ip address prefix-list R6-SELECTIVE-PREFIX
R1(config-route-map)#
R1(config-route-map)#vrf definition AAA
R1(config-vrf)#address-family ipv4
R1(config-vrf-af)#route-target import 666:6
R1(config-vrf-af)#end
R1#
R1#clear bgp vpnv4 unicast * soft 
R1#

 Verify BGP table for VRF AAA on R1. Now it has imported only specific routes which are permitted by route-map.

R1#sh bgp vpnv4 unicast vrf AAA 
BGP table version is 20, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:3 (default for vrf AAA)
*> 10.3.1.0/24      172.16.13.3              0             0 333 i
*> 10.3.2.0/24      172.16.13.3              0             0 333 i
*>i10.4.2.0/24      172.16.0.2               0    100      0 444 i
*>i10.6.1.0/24      172.16.0.2               0    100      0 666 i
*> 172.16.13.0/24   0.0.0.0                  0         32768 ?

Verify BGP table and Routing table on R3:

R3#sh ip bgp
BGP table version is 37, local router ID is 172.16.13.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.3.1.0/24      0.0.0.0                  0         32768 i
*> 10.3.2.0/24      0.0.0.0                  0         32768 i
*> 10.4.2.0/24      172.16.13.1                            0 100 444 i
*> 10.6.1.0/24      172.16.13.1                            0 100 666 i
r> 172.16.13.0/24   172.16.13.1              0             0 100 ?

R3#sh ip route bgp 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.4.2.0/24 [20/0] via 172.16.13.1, 00:17:51
B        10.6.1.0/24 [20/0] via 172.16.13.1, 00:02:51

We have the route to reach remote networks of R4 and R6. Can we ping them?

R3#ping 10.4.2.1 source 10.3.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.1.1 
.....
Success rate is 0 percent (0/5)

No, WHY?
Because R4 and R6 don’t have route for R3’s networks to sent traffic back to R3.

R4#sh ip route 10.3.1.0
% Subnet not in table

We have to import VRF AAA’s routes into VRF BBB and CCC to get end-to-end reachability for these networks.
Apply below configuration on R2:

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#vrf definition BBB
R2(config-vrf)#address-family ipv4
R2(config-vrf-af)#route-target import 333:3
R2(config-vrf-af)#
R2(config-vrf-af)#vrf definition CCC
R2(config-vrf)#address-family ipv4
R2(config-vrf-af)#route-target import 333:3
R2(config-vrf-af)#end
R2#
R2#clear bgp vpnv4 unicast * soft 
R2#
R2#

R2 is showing prefixes of VRF AAA imported into vrf BBB and CCC.

R2#sh bgp vpnv4 unicast all         
BGP table version is 18, local router ID is 172.16.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:3
*>i10.3.1.0/24      172.16.0.1               0    100      0 333 i
*>i10.3.2.0/24      172.16.0.1               0    100      0 333 i
*>i172.16.13.0/24   172.16.0.1               0    100      0 ?
Route Distinguisher: 444:4 (default for vrf BBB)
*>i10.3.1.0/24      172.16.0.1               0    100      0 333 i
*>i10.3.2.0/24      172.16.0.1               0    100      0 333 i
*> 10.4.1.0/24      172.16.24.4              0             0 444 i
*> 10.4.2.0/24      172.16.24.4              0             0 444 i
*>i172.16.13.0/24   172.16.0.1               0    100      0 ?
*> 172.16.24.0/24   0.0.0.0                  0         32768 ?
*> 192.168.1.0      172.16.24.4              0             0 444 i
Route Distinguisher: 666:6 (default for vrf CCC)
*>i10.3.1.0/24      172.16.0.1               0    100      0 333 i
*>i10.3.2.0/24      172.16.0.1               0    100      0 333 i
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.6.1.0/24      172.16.26.6              0             0 666 i
*> 10.6.2.0/24      172.16.26.6              0             0 666 i
*>i172.16.13.0/24   172.16.0.1               0    100      0 ?
*> 172.16.26.0/24   0.0.0.0                  0         32768 ?
*> 192.168.1.0      172.16.26.6              0             0 666 i
R2#

Let’s verify BGP table and Route table of R4 and R6.

R4#sh ip bgp
BGP table version is 34, local router ID is 172.16.24.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.3.1.0/24      172.16.24.2                            0 100 333 i
*> 10.3.2.0/24      172.16.24.2                            0 100 333 i
*> 10.4.1.0/24      0.0.0.0                  0         32768 i
*> 10.4.2.0/24      0.0.0.0                  0         32768 i
*> 172.16.13.0/24   172.16.24.2                            0 100 ?
r> 172.16.24.0/24   172.16.24.2              0             0 100 ?
*> 192.168.1.0      0.0.0.0                  0         32768 i
R4#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.3.1.0/24 [20/0] via 172.16.24.2, 00:01:59
B        10.3.2.0/24 [20/0] via 172.16.24.2, 00:01:59
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B        172.16.13.0/24 [20/0] via 172.16.24.2, 00:01:59
R4#sh ip route 10.3.1.0
Routing entry for 10.3.1.0/24
  Known via "bgp 444", distance 20, metric 0
  Tag 100, type external
  Last update from 172.16.24.2 00:02:05 ago
  Routing Descriptor Blocks:
  * 172.16.24.2, from 172.16.24.2, 00:02:05 ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 100
      MPLS label: none
R4#


R6#sh ip bgp
BGP table version is 36, local router ID is 172.16.26.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.3.1.0/24      172.16.26.2                            0 100 333 i
*> 10.3.2.0/24      172.16.26.2                            0 100 333 i
*> 10.6.1.0/24      0.0.0.0                  0         32768 i
*> 10.6.2.0/24      0.0.0.0                  0         32768 i
*> 172.16.13.0/24   172.16.26.2                            0 100 ?
r> 172.16.26.0/24   172.16.26.2              0             0 100 ?
*> 192.168.1.0      0.0.0.0                  0         32768 i
R6#
R6#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.3.1.0/24 [20/0] via 172.16.26.2, 00:02:29
B        10.3.2.0/24 [20/0] via 172.16.26.2, 00:02:29
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B        172.16.13.0/24 [20/0] via 172.16.26.2, 00:02:29
R6#

Now check end-to-end connectivity with Ping from R3 to R4 and R6 networks.

R3#ping 10.4.2.1 source 10.3.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/51/76 ms

R3#ping 10.6.1.1 source 10.3.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.6.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/52/64 ms

 Everything looks fine so far.

We got another requirement. On Router R1, VRF AAA has to import prefix 192.168.1.0/24 from VRF BBB.

Currently we are using below prefix-list and route-map:

R1#sh run | s prefix-list|route-map
ip prefix-list R4-SELECTIVE-PREFIX seq 5 permit 10.4.2.0/24
ip prefix-list R6-SELECTIVE-PREFIX seq 5 permit 10.6.1.0/24
route-map AAA-VRF-IMPORT permit 10
 match ip address prefix-list R4-SELECTIVE-PREFIX
route-map AAA-VRF-IMPORT permit 20
 match ip address prefix-list R6-SELECTIVE-PREFIX

If we create another prefix list entry to permit 192.168.1.0/24, We should be all set.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip prefix-list R4-SELECTIVE-PREFIX seq 10 permit 192.168.1.0/24
R1(config)#end
R1#

Let’s verify routing table on R3. We have route for 192.168.1.0/24 now.

R3#sh ip route bgp 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.4.2.0/24 [20/0] via 172.16.13.1, 00:41:07
B        10.6.1.0/24 [20/0] via 172.16.13.1, 00:26:07
B     192.168.1.0/24 [20/0] via 172.16.13.1, 00:00:06

And we can ping remote network also.

R3#ping 192.168.1.1 source 10.3.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/39/56 ms

Everything looks fine.

Let’s goto Router R4 and shutdown interface Loopback 192 which is used for network 192.168.1.0/24

R4#sh run int l192
Building configuration...

Current configuration : 67 bytes
!
interface Loopback192
 ip address 192.168.1.1 255.255.255.0
end

R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#int l192
R4(config-if)#shut
R4(config-if)#
R4(config-if)#
*Jun  4 19:29:03.474: %LINK-5-CHANGED: Interface Loopback192, changed state to administratively down
*Jun  4 19:29:04.474: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback192, changed state to down
R4(config-if)#

Now goto Router R3 and try to ping 192.168.1.1 again. It should not be working, right?
But it can still ping it 🙂

Let’s see who is this 192.168.1.1 device.

R3#192.168.1.1
Trying 192.168.1.1 ... Open


User Access Verification

Password: 
R6#

 Hmm..we are receiving 192.168.1.0/24 prefix from R6(VRF CCC).

Let’s enable interface loopback192 on R4.

R4(config-if)#no shut
R4(config-if)#end
R4#
*Jun  4 19:31:05.626: %LINK-3-UPDOWN: Interface Loopback192, changed state to up
*Jun  4 19:31:06.490: %SYS-5-CONFIG_I: Configured from console by console
R4#
*Jun  4 19:31:06.626: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback192, changed state to up
R4#

Let’s see what is happening on Router R1 for importing routes from other VRFs.

R1#sh bgp vpnv4 unicast all    
BGP table version is 24, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:3 (default for vrf AAA)
*> 10.3.1.0/24      172.16.13.3              0             0 333 i
*> 10.3.2.0/24      172.16.13.3              0             0 333 i
*>i10.4.2.0/24      172.16.0.2               0    100      0 444 i
*>i10.6.1.0/24      172.16.0.2               0    100      0 666 i
*> 172.16.13.0/24   0.0.0.0                  0         32768 ?
* i192.168.1.0      172.16.0.2               0    100      0 444 i
*>i                 172.16.0.2               0    100      0 666 i
Route Distinguisher: 444:4
*>i10.4.1.0/24      172.16.0.2               0    100      0 444 i
*>i10.4.2.0/24      172.16.0.2               0    100      0 444 i
*>i172.16.24.0/24   172.16.0.2               0    100      0 ?
*>i192.168.1.0      172.16.0.2               0    100      0 444 i
Route Distinguisher: 666:6
*>i10.6.1.0/24      172.16.0.2               0    100      0 666 i
   Network          Next Hop            Metric LocPrf Weight Path
*>i10.6.2.0/24      172.16.0.2               0    100      0 666 i
*>i172.16.26.0/24   172.16.0.2               0    100      0 ?
*>i192.168.1.0      172.16.0.2               0    100      0 666 i
R1#

It has imported this route from two different VRFs (BBB and CCC)

R1#sh bgp vpnv4 unicast vrf AAA 192.168.1.0
BGP routing table entry for 333:3:192.168.1.0/24, version 23
Paths: (2 available, best #2, table AAA)
  Advertised to update-groups:
     5         
  444, imported path from 444:4:192.168.1.0/24
    172.16.0.2 (metric 2) from 172.16.0.2 (172.16.0.2)
      Origin IGP, metric 0, localpref 100, valid, internal
      Extended Community: RT:444:4
      mpls labels in/out nolabel/21
  666, imported path from 666:6:192.168.1.0/24
    172.16.0.2 (metric 2) from 172.16.0.2 (172.16.0.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:666:6
      mpls labels in/out nolabel/38

This is not our requirement. We want to import it only from VRF BBB.

We have to match prefix along with extended community value to achieve this goal.

Create extended-community list and match it inside route-map.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip extcommunity-list standard FROM-R4 permit rt 444:4
R1(config)#ip extcommunity-list standard FROM-R6 permit rt 666:6
R1(config)#
R1(config)#route-map AAA-VRF-IMPORT permit 10
R1(config-route-map)#match extcommunity FROM-R4
R1(config-route-map)#route-map AAA-VRF-IMPORT permit 20
R1(config-route-map)#match extcommunity FROM-R6        
R1(config-route-map)#end
R1#

We have this configuration now:

R1#sh run | s prefix|extcommunity-list|route-map
ip extcommunity-list standard FROM-R4 permit rt 444:4
ip extcommunity-list standard FROM-R6 permit rt 666:6
ip prefix-list R4-SELECTIVE-PREFIX seq 5 permit 10.4.2.0/24
ip prefix-list R4-SELECTIVE-PREFIX seq 10 permit 192.168.1.0/24
ip prefix-list R6-SELECTIVE-PREFIX seq 5 permit 10.6.1.0/24
route-map AAA-VRF-IMPORT permit 10
 match ip address prefix-list R4-SELECTIVE-PREFIX
 match extcommunity FROM-R4
route-map AAA-VRF-IMPORT permit 20
 match ip address prefix-list R6-SELECTIVE-PREFIX
 match extcommunity FROM-R6
R1#

Here route-map would use Boolean AND logic and permit prefix if it is matched by BOTH conditions, prefix-list and extended-community value.

Route-map sequence #10 will match prefixes 10.4.2.0/24 and 192.168.1.0/24 if they have RT extended-community value 444:4 only.

Similarily Route-map sequence #20 will match prefixes 10.6.1.0/24 if it has RT extended-community value 666:6 only.

Verify VRF AAA BGP table now on Router R1.

R1#sh bgp vpnv4 unicast vrf AAA
BGP table version is 25, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:3 (default for vrf AAA)
*> 10.3.1.0/24      172.16.13.3              0             0 333 i
*> 10.3.2.0/24      172.16.13.3              0             0 333 i
*>i10.4.2.0/24      172.16.0.2               0    100      0 444 i
*>i10.6.1.0/24      172.16.0.2               0    100      0 666 i
*> 172.16.13.0/24   0.0.0.0                  0         32768 ?
*>i192.168.1.0      172.16.0.2               0    100      0 444 i

R1#sh bgp vpnv4 unicast vrf AAA 192.168.1.0
BGP routing table entry for 333:3:192.168.1.0/24, version 25
Paths: (1 available, best #1, table AAA)
  Advertised to update-groups:
     5         
  444, imported path from 444:4:192.168.1.0/24
    172.16.0.2 (metric 2) from 172.16.0.2 (172.16.0.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:444:4
      mpls labels in/out nolabel/21

Verify BGP table, reachability from R3 for all remote networks.

R3#sh ip bgp
BGP table version is 40, local router ID is 172.16.13.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.3.1.0/24      0.0.0.0                  0         32768 i
*> 10.3.2.0/24      0.0.0.0                  0         32768 i
*> 10.4.2.0/24      172.16.13.1                            0 100 444 i
*> 10.6.1.0/24      172.16.13.1                            0 100 666 i
r> 172.16.13.0/24   172.16.13.1              0             0 100 ?
*> 192.168.1.0      172.16.13.1                            0 100 444 i


R3#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B        10.4.2.0/24 [20/0] via 172.16.13.1, 01:02:20
B        10.6.1.0/24 [20/0] via 172.16.13.1, 00:47:20
B     192.168.1.0/24 [20/0] via 172.16.13.1, 00:08:19


R3#ping 10.4.2.1 source 10.3.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/48/60 ms

R3#ping 10.6.1.1 source 10.3.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.6.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/49/64 ms

R3#ping 192.168.1.1 source 10.3.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.3.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/45/72 ms

Final Configuration on R1 and R2.

R1:

vrf definition AAA
rd 333:3
!
address-family ipv4
import map AAA-VRF-IMPORT
route-target export 333:3
route-target import 333:3
route-target import 444:4
route-target import 666:6
exit-address-family
!
interface Loopback0
ip address 172.16.0.1 255.255.255.255
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 172.16.12.1 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
mpls ip
!
interface FastEthernet1/0
vrf forwarding AAA
ip address 172.16.13.1 255.255.255.0
speed 100
duplex full
!
router ospf 1
log-adjacency-changes
!
router bgp 100
bgp router-id 172.16.0.1
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 172.16.0.2 remote-as 100
neighbor 172.16.0.2 update-source Loopback0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 172.16.0.2 activate
neighbor 172.16.0.2 send-community extended
exit-address-family
!
address-family ipv4 vrf AAA
no synchronization
redistribute connected
neighbor 172.16.13.3 remote-as 333
neighbor 172.16.13.3 activate
exit-address-family
!
!
ip extcommunity-list standard FROM-R4 permit rt 444:4
ip extcommunity-list standard FROM-R6 permit rt 666:6
!
ip prefix-list R4-SELECTIVE-PREFIX seq 5 permit 10.4.2.0/24
ip prefix-list R4-SELECTIVE-PREFIX seq 10 permit 192.168.1.0/24
!
ip prefix-list R6-SELECTIVE-PREFIX seq 5 permit 10.6.1.0/24
!
route-map AAA-VRF-IMPORT permit 10
match ip address prefix-list R4-SELECTIVE-PREFIX
match extcommunity FROM-R4
!
route-map AAA-VRF-IMPORT permit 20
match ip address prefix-list R6-SELECTIVE-PREFIX
match extcommunity FROM-R6
!

R2:

vrf definition BBB
rd 444:4
!
address-family ipv4
route-target export 444:4
route-target import 444:4
route-target import 333:3
exit-address-family
!
vrf definition CCC
rd 666:6
!
address-family ipv4
route-target export 666:6
route-target import 666:6
route-target import 333:3
exit-address-family
!
interface Loopback0
ip address 172.16.0.2 255.255.255.255
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 172.16.12.2 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
mpls ip
!
interface FastEthernet1/0
vrf forwarding BBB
ip address 172.16.24.2 255.255.255.0
!
interface FastEthernet1/1
vrf forwarding CCC
ip address 172.16.26.2 255.255.255.0
!
router ospf 1
log-adjacency-changes
!
router bgp 100
bgp router-id 172.16.0.2
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 172.16.0.1 remote-as 100
neighbor 172.16.0.1 update-source Loopback0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 172.16.0.1 activate
neighbor 172.16.0.1 send-community extended
exit-address-family
!
address-family ipv4 vrf BBB
no synchronization
redistribute connected
neighbor 172.16.24.4 remote-as 444
neighbor 172.16.24.4 activate
exit-address-family
!
address-family ipv4 vrf CCC
no synchronization
redistribute connected
neighbor 172.16.26.6 remote-as 666
neighbor 172.16.26.6 activate
exit-address-family